Radius Authentication - Passive Firewall

L2 Linker

Radius Authentication - Passive Firewall

Hi,

 

I am trying to authenticate the passive firewall via Radius for management purposes.

 

In the active firewall I have the same radius server configured with two different secret keys (one for active and one for passive).   On my radius server I have two clients.  One is the active firewall and the other for the passive.

 

I can authenticate the active firewall without any issues.  However, the passive firewall will not authenticate.  I receive an unknown user error.

 

Is this configuration possible?

L6 Presenter

Re: Radius Authentication - Passive Firewall

Hi there... The passive firewall should authenticate to Radius just like the active firewall. Have you tried swapping the 2 Radius clients such that the passive firewall will authenticate to the active client, and active firewall --> passive client? Also, you may want to check the secret key for typos. Thanks.

 

L7 Applicator

Re: Radius Authentication - Passive Firewall

Confirm that you have both firewall local IP addresses set up on the RADIUS server.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L2 Linker

Re: Radius Authentication - Passive Firewall

The IP addresses of both firewalls are set up on the RADIUS server.

L7 Applicator

Re: Radius Authentication - Passive Firewall

The configuration is possible.

 

Check the system log to see if there is a more specific error.

Do a packet capture on the RADIUS server of the failed login to get the full details on the transaction.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
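
The packet-capture check suggested in the reply above can be scripted. The following is an added example, not part of the thread or of any vendor tooling: it parses a PAP Access-Request as laid out in RFC 2865 and reports the NAS-IP-Address it carries and which configured client secret its User-Password was hidden with. PAP is assumed, and the secrets, user name, address and sample packet are all constructed.

```python
import hashlib, socket, struct

def parse(pkt: bytes) -> dict:
    """Split an RFC 2865 packet into header fields and a {type: value} map."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[atype] = pkt[pos + 2:pos + alen]
        pos += alen
    return {"code": code, "id": ident, "auth": pkt[4:20], "attrs": attrs}

def pap_xor(data: bytes, secret: bytes, auth: bytes, decode: bool = True) -> bytes:
    """RFC 2865 5.2 hiding: XOR each 16-byte block with MD5(secret + previous ciphertext)."""
    out, prev = b"", auth
    for i in range(0, len(data), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], mask))
        out, prev = out + block, (data[i:i + 16] if decode else block)
    return out

def secret_fits(req: dict, secret: bytes) -> bool:
    """The right secret yields printable text plus NUL padding; a wrong one yields noise."""
    hidden = req["attrs"].get(2, b"")            # 2 = User-Password
    clear = pap_xor(hidden, secret, req["auth"]).rstrip(b"\x00")
    return len(hidden) % 16 == 0 and bool(clear) and all(32 <= c < 127 for c in clear)

def diagnose(pkt: bytes, secrets: dict) -> dict:
    """Report who sent the request and which configured client secret it matches."""
    req = parse(pkt)
    user, nas = req["attrs"].get(1, b""), req["attrs"].get(4, b"")  # User-Name, NAS-IP-Address
    return {"user": user.decode(errors="replace"),
            "nas_ip": socket.inet_ntoa(nas) if len(nas) == 4 else None,
            "secret_of": [n for n, s in secrets.items() if secret_fits(req, s)]}

def build_sample(user: bytes, password: bytes, secret: bytes, nas_ip: str) -> bytes:
    """Constructed Access-Request (code 1) standing in for bytes taken from a capture."""
    auth = bytes(range(16))                      # fixed only to keep the example repeatable
    padded = password + b"\x00" * (-len(password) % 16)
    tlvs = ((1, user), (2, pap_xor(padded, secret, auth, decode=False)), (4, socket.inet_aton(nas_ip)))
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in tlvs)
    return struct.pack("!BBH", 1, 7, 20 + len(body)) + auth + body

SECRETS = {"active": b"constructed-secret-A", "passive": b"constructed-secret-B"}
SAMPLE = build_sample(b"admin", b"constructed-passwd", SECRETS["passive"], "192.0.2.12")
print(diagnose(SAMPLE, SECRETS))
```

An empty `secret_of` list for a captured request means none of the secrets configured on the server produced a sane password, which points at a secret mismatch rather than a missing user account.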