09-17-2024 09:38 PM
Hi all,
There is a good chance this is not in fact a firewall issue at all.
But I just wanted to ask people who have more experience than me.
Has anyone experienced an issue where despite RADIUS traffic being passed through a Palo appliance successfully, RADIUS authentication has still failed?
The scenario I describe is from Meraki APs to a Windows NPS server on another network. I suspect the issue is with the RADIUS configuration, but just wanted to check.
Thank you.
09-18-2024 12:49 AM
Is this a consistent issue or does it happen randomly?
You could set up packet-diag filters and a packet capture between the 2 hosts for RADIUS connections (bidirectional) to see if anything weird is popping up in the global counters, or if any packets are getting moved around by the firewall between ingress and egress.
09-18-2024 11:27 AM
Hello,
I have several types of RADIUS setups flowing through a Palo Alto, no issues. If you think there is an issue, as Reaper mentioned, perform a pcap and look at the traffic logs to see if anything was denied. The Palo Alto does not 'change or modify' the packets.
Regards,
09-18-2024 05:09 PM
Hi everyone, thank you for the replies, it's much appreciated.
We have narrowed the issue down to my old nemesis, MTU size. Correct me if I'm wrong, but Palo Alto firewalls, like most devices, use 1500 by default, right? I've never specified one previously. Seems like they are fragmenting anything over 1000. Very odd.
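An added example, not part of any post in this thread: one way to check a capture taken on either side of the firewall for the fragmentation described above. It assumes raw IPv4 packets without options or link-layer headers, and all addresses, ports and sizes in the sample are constructed.

```python
import socket
import struct
from collections import defaultdict

RADIUS_PORTS = {1812, 1813}
IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def build_fragments(src, dst, ident, sport, dport, data, frag_payload):
    """Constructed sample: split one UDP datagram into IPv4 fragments.
    frag_payload must be a multiple of 8 (fragment offsets are in 8-byte units)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    out = []
    for off in range(0, len(udp), frag_payload):
        chunk = udp[off:off + frag_payload]
        more = 0x2000 if off + frag_payload < len(udp) else 0  # MF flag
        out.append(struct.pack(IP_HDR, 0x45, 0, 20 + len(chunk), ident,
                               more | (off // 8), 64, 17, 0,
                               socket.inet_aton(src), socket.inet_aton(dst)) + chunk)
    return out

def fragmented_radius(packets):
    """Map (src, dst, ip_id) -> largest fragment size for fragmented RADIUS."""
    groups = defaultdict(list)
    for pkt in packets:
        vihl, _, total, ident, foff, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
        offset = (foff & 0x1FFF) * 8
        if vihl >> 4 != 4 or proto != 17 or not (foff & 0x2000 or offset):
            continue  # not IPv4/UDP, or not a fragment
        key = (socket.inet_ntoa(src), socket.inet_ntoa(dst), ident)
        groups[key].append((offset, total, pkt[(vihl & 0x0F) * 4:total]))
    hits = {}
    for key, frags in groups.items():
        first = next((f for f in frags if f[0] == 0), None)
        if first is None or len(first[2]) < 4:
            continue  # UDP ports are only present in the first fragment
        if RADIUS_PORTS & set(struct.unpack("!HH", first[2][:4])):
            hits[key] = max(total for _, total, _ in frags)
    return hits

def sample_capture():
    """Constructed packets: addresses, ports and sizes are made up."""
    ap, nps = "10.10.1.20", "10.20.5.10"
    return (build_fragments(ap, nps, 0x1111, 50000, 1812, b"E" * 1400, 976)   # large, fragmented
            + build_fragments(ap, nps, 0x2222, 50000, 1812, b"S" * 120, 1480)  # small, unfragmented
            + build_fragments(ap, nps, 0x3333, 40000, 53, b"D" * 1400, 976))   # fragmented, not RADIUS

if __name__ == "__main__":
    for (src, dst, ident), size in fragmented_radius(sample_capture()).items():
        print(f"RADIUS id={ident:#06x} {src} -> {dst} fragmented; largest fragment {size} bytes")
```

The largest fragment size reported for a flow is a lower bound on the MTU of the hop that did the fragmenting, which can be compared against the configured interface MTU.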