05-13-2024 04:47 AM
hello
I am configuring a GP gateway for Radius Authentication
I am using the CLI test authentication command to test
I can ping the Radius host and confirmed Secret
my troubleshooting shows packets allowed by the Security policy
I cannot see any packets to the Radius host in the packet captures in any of the stages
what do you think my next steps should be ?
05-13-2024 05:43 AM
RADIUS host and firewall mgmt interface are in same subnet?
To capture traffic going out from mgmt interface you need to take tcpdump in cli.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleECAS
Packet capture in web interface shows only traffic that passes Palo dataplane.
05-27-2024 12:19 PM
first -thank you for your help
Q can you check the configuration from the screenshots ?
I am trying to ensure my config flow is correct
1 define Radius server
2 define authentication profile
3 use the authentication profile in the portal/gateway
I can see the TLS connection/traffic from my test client to the target VPN in the PA logs at the receive stage
05-28-2024 04:48 AM
Q for Radius authentication to work is it a pre-requisite that the management interface has full IP connectivity to the Radius server ?
05-28-2024 07:26 AM
there is an existing working GP portal configuration that uses LDAP for authentication
could this be an issue with the Security policy ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
