- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How to configure IAS RADIUS Authentication
03/26/2020 
47 People found this article helpful
34,358 Views
Description
How to configure IAS RADIUS Authentication
Resolution
Gen 5 - IAS RADIUS Authentication
The following tech note will explain the basic steps needed to get Microsoft IAS RADIUS working with a SonicWall Gen 4 or 5 firewall. In this example, RADIUS will be used to authenticate ‘SonicWall Read-Only Admins’. A different existing or custom group could also be used depending on the desired RADIUS authentication goal.
- Launch Internet Authentication Service from Administrative Tools.
- Right-click RADIUS Clients and select ‘New RADIUS Client’.
- Enter a Friendly Name and IP address for the SonicWall, and then click ‘Next’.
- RADIUS Standard should be selected under Client-Vendor. Enter a shared-secret, which will be used as an MD5 Hash to secure the communication between IAS and the SonicWall.
- Highlight Remote Access Logging. Right-click Local File and select Properties. Check each of the boxes to provide logging. The Event Viewer>System Log will have relevant info should it be needed for troubleshooting RADIUS authentication failures.
- Right-click Remote Access Policies and select New Remote Access Policy, which will launch the Policy Wizard.
- Choose Set up a custom policy and choose a Policy name.
- Click on Add and select the Windows-Groups attribute.
- Choose a group and add the users that will use RADIUS authentication.
- Note: each user will need to have the Remote Access Permission (Dial-in or VPN) Allow Access radio button enabled.
- Highlight Remote Access Policies, right-click the policy, and select Properties. Select Edit Profile then the Authentication Tab. Select Unencrypted authentication (PAP, SPAP). Note: This choice is actually considered Standard Authentication using PAP, which is encrypted i.e. all communication is secured.
- Log into the SonicWall and go to Users>Settings. Select RADIUS or RADIUS + Local Users for the Authentication method for login. Click Configure.
- Enter Primary Server Name or IP Address and the Shared Secret. Configure the same for the Secondary Server if one exists.
- Select ‘Use SonicWall vendor-specific attribute on RADIUS users’ or ‘Use RADIUS Filter-Id attribute on RADIUS server’ under ‘Mechanism for setting user group memberships for RADIUS users’. Also, choose the ‘Default user group to which RADIUS users belong’.
- Select the Test Tab to verify that the RADIUS Settings are functional. Enter a username and password choosing ‘Password authentication’ from the Test: options.
- Test the RADIUS Authentication by attempting to log into the SonicWall to gain Read-Only access.
- Select ‘Manage’ to manage the SonicWall
Related Articles
- How to allow or block URI and sub-domains using Content Filtering
- Troubleshooting Single Sign-on (SSO) related errors
- How to enable and configure NTP?
Categories
- Firewalls > NSa Series > User Login
- Firewalls > NSv Series > User Login
- Firewalls > TZ Series > User Login
YES
NO