Microsoft Radius Authentication with PA

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Microsoft Radius Authentication with PA

L2 Linker



I am trying to setup Radius Authentication with PA. I have setup EAP(PEAP) and EAP-MSCHAP v2 on the windows radius server. However I can only login to the firewall using PAP. I have tried to import the certificate from the radius server but not sure why I can't use the EAP or MSCHAP options. 


Please advice as I am not sure if I am exporting and importing the certificate corretly.





Cyber Elite
Cyber Elite


You need to ensure that the root and intermediate certificates are included in the certificate profile assigned to your RADIUS server profile. You sure that you have the certificate profile configured correctly? 



Thanks for your reply, well I think I am doing it correctly. Any one has a guide with images which I can use?

Hi !

I used this link

but it isn't helped me.

In my case PAP auth also works, but MS-CHAP - doesn't.

I've generated Digicert, imported it into NPS Radius local machine storage (private key end CA) on PA GP I've created a

proper profile linked to Digicert CA.


Please, advise.

Hi OleksM,


We both having same issues. 



Do you guys think there are limitations for Administrator authentication which only supports "PAP" by any of the vendors like Microsoft/Pulse Secure Radius etc..

I am not able to find any of the vendors in the industry that supports EAP encryption on top of PAP or CHAP. Like EAP-TTLS with PAP

Any vendors do you think supports EAP-TTLS with PAP for Firewall Admin authentication ? NOT for global protect as radius client. Here firewall itself is a radius client.

I use Aruba ClearPass with EAP-TTLS with PAP works fine for admin login. 

  • 6 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!