Add RADIUS Server

This page describes how to add a RADIUS server.

  1. Go to Device Configuration > Configure > Authentication > Authentication Server and click Add.
  2. Select the server type RADIUS Server.
  3. Enter values for the following settings:
    Server Name
    Enter a descriptive name for the RADIUS server.
    Server IP
    Enter an IP address for the RADIUS server.
    Authentication Port
    Enter the authentication port of the RADIUS server. By default, this is port 1812.
    Enable Accounting
    Enable accounting on RADIUS server.
    Sophos XG Firewall sends the following information to the RADIUS server as soon as the user logs in:
    • Accounting start request
    • User sign-in time
    Sophos XG Firewall sends the following information to the RADIUS server the moment the user logs out:
    • Accounting stop request
    • User sign-out time
    Note Supported client types: Windows Client, HTTP Client, Linux Client, Android, iOS, iOS HTTP Client, Android HTTP Client, API Client.
    Note The accounting stop message is not sent to the RADIUS server when Sophos XG Firewall shuts down or reboots.
    Accounting Port
    (only if Enable Accounting is active)
    Enter a RADIUS port number through which the Sophos XG Firewall can communicate with RADIUS.
    Shared Secret
    Enter the shared secret which is a text string that serves as a password between a RADIUS client and a RADIUS server.
    Group Name Attribute
    Enter the alias for the configured group name which is displayed to the user.
  4. Optional. Click Enable Additional Settings and specify settings.
    NAS-identifier
    String identifying the NAS originating from access request, for example, an FQDN.
    NAS-port-type
    Type of the physical port of the NAS which authenticates the user.
    Figure: Add External Server
  5. Click Test Connection to check the connectivity between the RADIUS server and the Sophos XG Firewall. It also validates RADIUS server user credentials.
  6. Click Save.
The RADIUS server is now available and appears in the Authentication Server list.