I am trying to setup Radius Authentication with PA. I have setup EAP(PEAP) and EAP-MSCHAP v2 on the windows radius server. However I can only login to the firewall using PAP. I have tried to import the certificate from the radius server but not sure why I can't use the EAP or MSCHAP options.
Please advice as I am not sure if I am exporting and importing the certificate corretly.
You need to ensure that the root and intermediate certificates are included in the certificate profile assigned to your RADIUS server profile. You sure that you have the certificate profile configured correctly?
but it isn't helped me.
In my case PAP auth also works, but MS-CHAP - doesn't.
I've generated Digicert, imported it into NPS Radius local machine storage (private key end CA) on PA GP I've created a
proper profile linked to Digicert CA.
Do you guys think there are limitations for Administrator authentication which only supports "PAP" by any of the vendors like Microsoft/Pulse Secure Radius etc..
I am not able to find any of the vendors in the industry that supports EAP encryption on top of PAP or CHAP. Like EAP-TTLS with PAP
Any vendors do you think supports EAP-TTLS with PAP for Firewall Admin authentication ? NOT for global protect as radius client. Here firewall itself is a radius client.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!