C U S TO M E R S U P P O RT P O RTA L
Support Home
Support Cases
Activate Products
Other users also
viewed:
How to Configure Basic RADIUS Authentication
Created On 01/16/20 04:15 AM - Last Modified 01/17/20 00:41 AM
RADIUS
DEPLOYMENT
DEVICE MANAGEMENT
8.1
8.0
12993
9.0
PAN-OS
License Management
Account Management
Members
Groups
Objective
This document describes how to configure RADIUS authentication profile using PAP or CHAP.
Environment
PAN-OS 8.0 and above.
Palo Alto Firewall.
Professional Services
Products
Tools
Procedure
1. Ensure the management IP of the Firewall is configured on the RADIUS server as a client.
2. Add the above radius server on Firewall using GUI: Device > Server Profiles > RADIUS. Configure the
name, IP address secret and port used. Note that the authentication profile used is PAP or CHAP.
Troubleshooting
RADIUS Authentication
How To Configure
RADIUS Server Profile
and Add it to an
Authentication Profile
RADIUS Vendor-Specific
Attributes (VSA)
Configuring
Administrator
Authentication with
Windows 2008 RADIUS
Server (NPS/IAS)
RADIUS Authentication
Failing
WildFire
AutoFocus
Actions
Updates
 Print
2
 Follow
Resources
 Copy Link
Attachments
Feedback
Was this information helpful?
3. Next, configure the authentication profile to use this server using GUI: Device > Authentication Profile
> Add. Select the "Type" as Radius and in the "Server Profile" section select the RADIUS server profile
created in step 1 above. Username modifier info below.
If the source sends the user information in domain\username format, the firewall sends the user
information to the server in the same format.
If the source sends the user information in username@domain format, the firewall normalizes the
user information to the domain\username format before sending it to the server.
If the source sends only the username, the firewall adds the User Domain you specify before sending
the information to the server in domain\username format.
4. Click on the "Advanced" tab and select the users to be added to the allowed list. The "Factors" tab is
untouched and is used in the case of Multi- Factor Authentication.
hongbo xia
C U S TO M E R S U P P O RT P O RTA L
Support Home
Support Cases
Activate Products
License Management
Account Management
Members
Groups
Professional Services
4. Click on OK and Commit the configuration.
The configured radius authentication profile can now be used for device administrators, remote VPN or
Products
captive portal.
Tools
WildFire
AutoFocus
COMPANY
About Palo Alto Networks
LEGAL NOTICES
Privacy
RESOURCES
Support
Careers
Terms of Use
LIVEcommunity
Email Preferences
Updates
Learning Center (Beacon)
Technical Documentation
Resources
© 2023 Palo Alto Networks, Inc. All rights reserved.
a51e12a918ebc5e13df4fa789ea5f12b206b9b88618b27aae24c669a71415fa9
hongbo xia