Configure RADIUS authentication
You can add existing RADIUS users to the firewall. To do this, you add a RADIUS server and set the primary authentication method.
When you complete this unit, you'll know how to do the following:
- Add and configure a RADIUS server on the firewall.
- Set the primary authentication method so that the firewall queries the RADIUS server first.
Add a RADIUS server
Add a RADIUS server that includes a shared secret and group name attribute.
You’ll need the following information to complete this task:
- RADIUS server shared secret
- RADIUS server group name attribute

- Go to Authentication > Servers and click Add.
- Specify the settings.
  For settings not listed here, use the default value.
  Use the shared secret and group name attribute that are configured on the RADIUS server.

| Option | Value |
| --- | --- |
| Server type | RADIUS server |
| Server name | SF_RADIUS |
| Server IP | 192.168.1.102 |
| Enable accounting | Yes |
| Accounting port | 1813 |
| Shared secret | <RADIUS server shared secret> |
| Group name attribute | <RADIUS server group name attribute> |

- Click Test connection to validate the user credentials and check the connection to the server.
- Click Save.
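
The following is an added example, not part of the original documentation or the firewall's own code. It shows what the two values collected above do in the protocol: per RFC 2865, the shared secret authenticates the server's reply through the Response Authenticator, and the group name arrives as an attribute in the Access-Accept. The attribute type (Filter-Id, 11), the secret, the user name and the group name are constructed assumptions.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RFC 2865 packet code
FILTER_ID = 11      # assumed group name attribute for this example

def build_reply(code, ident, request_auth, attrs, secret):
    """Build a reply as a RADIUS server does (RFC 2865, section 3)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body

def verify_reply(packet, request_auth, secret):
    """True only if the Response Authenticator matches the shared secret."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]  # ignore padding beyond the declared length
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def group_from_accept(packet, request_auth, secret, group_attr=FILTER_ID):
    """Return the group name from a verified Access-Accept, else None."""
    if not verify_reply(packet, request_auth, secret):
        raise ValueError("Response Authenticator mismatch: wrong secret or altered reply")
    if packet[0] != ACCESS_ACCEPT:
        return None
    end = struct.unpack("!H", packet[2:4])[0]
    pos = 20
    while pos + 2 <= end:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > end:
            raise ValueError("malformed attribute")
        if atype == group_attr:
            return packet[pos + 2:pos + alen].decode()
        pos += alen
    return None

# Constructed sample data (not captured from a real server).
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))  # authenticator the client sent in its request
SAMPLE_REPLY = build_reply(ACCESS_ACCEPT, 7, REQUEST_AUTH,
                           [(1, b"jdoe"), (FILTER_ID, b"vpn-users")], SECRET)

if __name__ == "__main__":
    print(group_from_accept(SAMPLE_REPLY, REQUEST_AUTH, SECRET))
```

A reply checked with a different secret fails verification, which is why the value entered on the firewall must match the one configured on the RADIUS server exactly.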
Set primary authentication method
To query the RADIUS server first, you set it as the primary authentication method. When users sign in to the firewall for the first time, they're automatically added as a member of the default group specified.
- Go to Authentication > Services.
- In the authentication server list, select SF_RADIUS.
- Move the server to the first position in the list of selected servers.
Test the configuration by signing in through the captive portal with user credentials from the RADIUS server. You can access the captive portal at https://<IP address of Sophos Firewall>:8090.