Microsoft Radius Authentication with PA

Reply
Highlighted
L2 Linker

Microsoft Radius Authentication with PA

Hi,

 

I am trying to setup Radius Authentication with PA. I have setup EAP(PEAP) and EAP-MSCHAP v2 on the windows radius server. However I can only login to the firewall using PAP. I have tried to import the certificate from the radius server but not sure why I can't use the EAP or MSCHAP options. 

 

Please advice as I am not sure if I am exporting and importing the certificate corretly.

 

 

Thanks

Highlighted
Cyber Elite

@umar00o,

You need to ensure that the root and intermediate certificates are included in the certificate profile assigned to your RADIUS server profile. You sure that you have the certificate profile configured correctly? 

Highlighted
L2 Linker

Hi,

 

Thanks for your reply, well I think I am doing it correctly. Any one has a guide with images which I can use?

Highlighted
L0 Member

Hi !

I used this link https://drive.google.com/file/d/1_wjjrIILr2akt63ueUIK-xAq9zPwGqWw/view

but it isn't helped me.

In my case PAP auth also works, but MS-CHAP - doesn't.

I've generated Digicert, imported it into NPS Radius local machine storage (private key end CA) on PA GP I've created a

proper profile linked to Digicert CA.

 

Please, advise.

Highlighted
L2 Linker

Hi OleksM,

 

We both having same issues. 

 

Thanks

Highlighted

Do you guys think there are limitations for Administrator authentication which only supports "PAP" by any of the vendors like Microsoft/Pulse Secure Radius etc..

I am not able to find any of the vendors in the industry that supports EAP encryption on top of PAP or CHAP. Like EAP-TTLS with PAP

Any vendors do you think supports EAP-TTLS with PAP for Firewall Admin authentication ? NOT for global protect as radius client. Here firewall itself is a radius client.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!