Skip to content

Configure RADIUS authentication

You can add existing RADIUS users to the firewall. To do this, you add a RADIUS server and set the primary authentication method.


When you complete this unit, you'll know how to do the following:

  • Add and configure a RADIUS server on the firewall.
  • Set the primary authentication method so that the firewall queries the AD server first.

Add a RADIUS server

Add a RADIUS server that includes a shared secret and group name attribute.

You’ll need the following information to complete this task:

  • RADIUS server shared secret
  • RADIUS server group name attribute

  • Go to Authentication > Servers and click Add.

  • Specify the settings.


    For settings not listed here, use the default value.

    Use the shared secret and group name attribute that are configured on the RADIUS server.

    Option Value
    Server type RADIUS server
    Server name SF_RADIUS
    Server IP
    Enable accounting Yes
    Accounting port 1813
    Shared secret <RADIUS server shared secret>
    Group name attribute <RADIUS server group name attribute>
  • Click Test connection to validate the user credentials and check the connection to the server.

  • Click Save.

Set primary authentication method

To query the RADIUS server first, you set it as the primary authentication method. When users sign in to the firewall for the first time, they're automatically added as a member of the default group specified.

  1. Go to Authentication > Services.
  2. In the authentication server list, select SF_RADIUS.
  3. Move the server to the first position in the list of selected servers.

    RADIUS server as primary authentication server.

  4. Click Apply.

Test the configuration by signing in through the captive portal with user credentials from the RADIUS server. You can access the captive portal at https://<IP address of Sophos Firewall>:8090.

Sign in through the captive portal.