
Radius access for MGT conflict radius for user access.


L1 Bithead

Dear,

We use RADIUS profiles for internal users towards a customer internal network policy server and so on. The administration of the Palo firewall is done via the MGT interface on a dedicated PVLAN-based administration network. We want to enable RADIUS authentication for administrator purposes, but this seems to be impossible due to the fact that the service routing for RADIUS (the interface selected is the L3 interface of the customer zone) is occupied. The RADIUS requests for the MGT are also sent this way, wrong of course; they should come via the administration network towards another (Cisco ACS) server. Can this be done? It seems impossible to make sure the MGT uses the MGT network interface apart from the customer zones.

Specific routings towards the ACS system in these service config pages seem to work, but the source IP address of the request is not the one from the MGT interface but from an L3 interface on the FW specified for the customer.

Can this be solved somehow?

1 REPLY

L6 Presenter

Hi... You can try this. Define 2 RADIUS servers/profiles, 1 for users and 1 for admin, where each server has a different IP address. Then point the service route to 1 RADIUS server using the mgt port, and use the destination option on the right to source from the 2nd interface to the 2nd RADIUS server.

Thanks.
