topic Re: Panorama and PANOS RADIUS Authentication Failing after upgrade to 10.2 in Panorama Discussions https://live.paloaltonetworks.com/t5/panorama-discussions/panorama-and-panos-radius-authentication-failing-after-upgrade/m-p/593045#M2413 <P>Thanks <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/191836">@BKRogers</a>!<BR />Found no mention of this behavior change in release notes or known issues.</P> Thu, 25 Jul 2024 18:09:02 GMT fwmike2 2024-07-25T18:09:02Z Panorama and PANOS RADIUS Authentication Failing after upgrade to 10.2 https://live.paloaltonetworks.com/t5/panorama-discussions/panorama-and-panos-radius-authentication-failing-after-upgrade/m-p/526016#M1302 <P>Hello,&nbsp;</P> <P>Thought I would pass on this solution I found.&nbsp; After upgrading our Panorama from 10.1 to 10.2, our RADIUS authentication no longer worked.&nbsp; The root cause was our Microsoft RADIUS server was using TLS 1.0 for the PEAP-MSCHAP TLS handshake and 10.2 REQUIRES TLS 1.1.</P> <P>&nbsp;</P> <P>The solution is to add the following registry setting to your Microsoft NPS server</P> <P><STRONG>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13</STRONG></P> <P>add a DWORD&nbsp;<STRONG>TlsVersion&nbsp;</STRONG>with a hex value of 0x3C0</P> <P>then reboot.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>This value will allow the MS NPS server to negotiate TLS 1.0 and TLS 1.1.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>You probably DONT want to enable TLS 1.2 yet.&nbsp; I found enabling TLS 1.2 will cause 10.1 PANOS to fail the RADIUS handshake.</P> <P>&nbsp;</P> <P>Related MS Link</P> <P><A href="https://support.microsoft.com/en-us/topic/microsoft-security-advisory-update-for-microsoft-eap-implementation-that-enables-the-use-of-tls-october-14-2014-d9ba4b83-b4e9-2c01-83a7-e42706e671af" target="_blank">Microsoft security advisory: Update for Microsoft EAP implementation that enables the use of TLS: October 14, 2014 - Microsoft Support</A></P> Thu, 05 Jan 2023 15:24:47 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/panorama-and-panos-radius-authentication-failing-after-upgrade/m-p/526016#M1302 BKRogers 2023-01-05T15:24:47Z Re: Panorama and PANOS RADIUS Authentication Failing after upgrade to 10.2 https://live.paloaltonetworks.com/t5/panorama-discussions/panorama-and-panos-radius-authentication-failing-after-upgrade/m-p/593045#M2413 <P>Thanks <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/191836">@BKRogers</a>!<BR />Found no mention of this behavior change in release notes or known issues.</P> Thu, 25 Jul 2024 18:09:02 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/panorama-and-panos-radius-authentication-failing-after-upgrade/m-p/593045#M2413 fwmike2 2024-07-25T18:09:02Z