Radius Authentication Profile

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Radius Authentication Profile

L2 Linker

hello 

I am configuring a GP gateway for Radius Authentication 

I am using the CLI test authentication command to test 

I can ping the Radius host and confirmed Secret 

my troubleshooting shows packets allowed by the Security policy 

I cannot see any packets  to the Radius host in the packet captures in any of the stages

 

what do you think my next steps should be ?

4 REPLIES 4

Cyber Elite
Cyber Elite

RADIUS host and firewall mgmt interface are in same subnet?

To capture traffic going out from mgmt interface you need to take tcpdump in cli.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleECAS

 

Packet capture in web interface shows only traffic that passes Palo dataplane.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

first -thank you for your help 

Q can you check the configuration from the screenshots ?

I am trying to ensure my config flow is correct

1 define Radius server

2 define authentication profile 

3 use the authentication profile in the portal/gateway 

I can see the TLS connection/traffic  from my test client to the target VPN in the PA logs at the receive stage 

Q for Radius authentication to work is it a pre-requisite that the management interface has full IP connectivity to the Radius server ?

 there is an  existing working  GP portal configuration  that uses LDAP for authentication 

could this be an issue with the Security policy ?

  • 564 Views
  • 4 replies
  • 0 Likes
  • 38 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!