Radius Authentication - Passive Firewall


L2 Linker

Hi,

 

I am trying to authenticate the passive firewall via Radius for management purposes.

 

In the active firewall I have the same radius server configured with two different secret keys (one for active and one for passive).   On my radius server I have two clients.  One is the active firewall and the other for the passive.

 

I can authenticate the active firewall without any issues.  However, the passive firewall will not authenticate.  I receive an unknown user error.

 

Is this configuration possible?

4 REPLIES 4

L6 Presenter

Hi there... The passive firewall should authenticate to Radius just like the active firewall.  Have you tried swapping the 2 Radius clients such that the passive firewall will authenticate to the active client, and active firewall --> passive client?  Also, you may want to check the secret key for a typo.  Thanks.

 

L7 Applicator

Confirm that you have both firewall local IP addresses set up on the RADIUS server.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

The IP addresses of both firewalls are set up on the RADIUS server.

The configuration is possible.

 

Check the system log to see if there is a more specific error.

Do a packet capture on the RADIUS server of the failed login to get the full details on the transaction.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
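
One way to read the captured packet suggested above, added here as an example that is not part of any post in this thread: it parses a PAP Access-Request, reports the User-Name and NAS-IP-Address the firewall actually sent, and tests a candidate shared secret by reversing the RFC 2865 User-Password hiding. The secrets, user name, password, address and function names are constructed for illustration, and the printable-ASCII check is a heuristic that assumes an ASCII password.

```python
import hashlib
import socket
import struct

USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4  # RFC 2865 attribute types

def hide(secret, authenticator, data, decrypt=False):
    """RFC 2865 sec. 5.2 User-Password hiding: MD5 keystream chained per 16-byte block."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        prev = block if decrypt else res  # the chain always runs over the ciphertext
        out += res
    return out

def build_access_request(secret, user, password, nas_ip, authenticator):
    """Constructed sample input standing in for a packet taken from a capture."""
    padded = password + b"\x00" * (-len(password) % 16)
    attrs = b""
    for atype, value in ((USER_NAME, user),
                         (USER_PASSWORD, hide(secret, authenticator, padded)),
                         (NAS_IP_ADDRESS, socket.inet_aton(nas_ip))):
        attrs += bytes([atype, len(value) + 2]) + value
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + authenticator + attrs

def inspect_access_request(packet, secret):
    """Return User-Name, NAS-IP-Address and whether `secret` decodes User-Password."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    clear = hide(secret, authenticator, attrs.get(USER_PASSWORD, b""), True).rstrip(b"\x00")
    nas = attrs.get(NAS_IP_ADDRESS, b"")
    return {"user": attrs.get(USER_NAME, b"").decode("utf-8", "replace"),
            "nas_ip": socket.inet_ntoa(nas) if len(nas) == 4 else None,
            # A wrong secret decodes to random bytes; printable text means the secrets agree.
            "secret_matches": bool(clear) and all(0x20 <= b <= 0x7E for b in clear)}

# Constructed example: a request hidden with the secret configured for the passive firewall.
SAMPLE = build_access_request(b"passive-secret", b"admin", b"Example#Pass1",
                              "192.0.2.12", bytes(range(16)))
```

Running `inspect_access_request` on the real capture with each of the two configured secrets shows which RADIUS client entry the passive firewall's request actually matches, and whether the source address seen by the server is the one defined for that client.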