Microsoft Radius Authentication with PA

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
umar00o
L2 Linker

Microsoft Radius Authentication with PA

Hi,

 

I am trying to setup Radius Authentication with PA. I have setup EAP(PEAP) and EAP-MSCHAP v2 on the windows radius server. However I can only login to the firewall using PAP. I have tried to import the certificate from the radius server but not sure why I can't use the EAP or MSCHAP options. 

 

Please advice as I am not sure if I am exporting and importing the certificate corretly.

 

 

Thanks

BPry
Cyber Elite

@umar00o,

You need to ensure that the root and intermediate certificates are included in the certificate profile assigned to your RADIUS server profile. You sure that you have the certificate profile configured correctly? 

umar00o
L2 Linker

Hi,

 

Thanks for your reply, well I think I am doing it correctly. Any one has a guide with images which I can use?

OleksM
L0 Member

Hi !

I used this link https://drive.google.com/file/d/1_wjjrIILr2akt63ueUIK-xAq9zPwGqWw/view

but it isn't helped me.

In my case PAP auth also works, but MS-CHAP - doesn't.

I've generated Digicert, imported it into NPS Radius local machine storage (private key end CA) on PA GP I've created a

proper profile linked to Digicert CA.

 

Please, advise.

umar00o
L2 Linker

Hi OleksM,

 

We both having same issues. 

 

Thanks

BhargavTelaprolu
L0 Member

Do you guys think there are limitations for Administrator authentication which only supports "PAP" by any of the vendors like Microsoft/Pulse Secure Radius etc..

I am not able to find any of the vendors in the industry that supports EAP encryption on top of PAP or CHAP. Like EAP-TTLS with PAP

Any vendors do you think supports EAP-TTLS with PAP for Firewall Admin authentication ? NOT for global protect as radius client. Here firewall itself is a radius client.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!