Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Add a RADIUS server

You learn how to add a RADIUS server.

  1. Go to Authentication > Servers and click Add.
  2. From the Server type list, select RADIUS server.
  3. Enter a name.
  4. Type an IP address.
  5. Specify the settings.

    Setting Description
    Authentication port Port to use for authentication. The default value is 1812.
    Time-out

    Time within which the authentication must be completed.

    Acceptable range: 1 to 60 seconds

    Enable accounting

    Enable accounting on the RADIUS server.

    The firewall sends accounting start request and time to the server when the user logs on, and accounting stop request and time when the user logs off. Supported client types: Windows client, HTTP client, Linux client, Android, iOS, iOS HTTP client, Android HTTP client, API client.

    The accounting stop message is not sent to the server when the firewall shuts down or reboots.

    Accounting port Port number to use for sending accounting information from the firewall to the RADIUS server. The default value is 1813.
    Shared secret Text string that serves as the password between the client and the server. The character limit is 48.
    Domain name

    Creates a local entry automatically in the format user@domainname when users sign in.

    We recommend specifying a domain name when you use both AD and RADIUS servers for authentication. For example, you may use AD as your primary authentication method but use the RADIUS server for VPN or multi-factor authentication.

    Group name attribute Alias for the configured group name which is displayed to the user.

    Note

    If a domain name isn't configured, the RADIUS server creates a user without a domain name. This creates duplicate local entries if you authenticate with both AD and RADIUS servers since the AD server creates user records with the domain name (example: user@domainname).

  6. Click Enable additional settings and specify settings.

    Option Description
    NAS-identifier String identifying the NAS originating the access request, for example, an FQDN.
    NAS-port-type Type of the physical port of the NAS which is authenticating the user.
  7. Click Test connection to validate the user credentials and check the connection to the server.

  8. Click Save.

Go to Authentication > Services and select servers to use for service authentication.