Configure RADIUS Authentication for a Firebox
Applies To: Cloud-managed Fireboxes
RADIUS (Remote Authentication Dial-In User Service) authenticates local and remote users on a company network. RADIUS is a client/server system that keeps the authentication information for users, remote access servers, VPN gateways, and other resources in one central database.
To configure a cloud-managed Firebox to use RADIUS authentication, you can add a RADIUS server to an authentication domain, and then configure Fireboxes in your account to use that domain for authentication.
RADIUS Authentication Methods
A cloud-managed Firebox uses these authentication protocols for user authentication with a RADIUS server:
- Firewall authentication — PAP (Password Authentication Protocol)
- Mobile VPN authentication — EAP-MSCHAPv2
Before You Begin
Before you configure your Firebox to use a RADIUS authentication server, you must have this information for each RADIUS server:
- Primary RADIUS server — IP address and RADIUS port
- Backup RADIUS server (optional) — IP address and RADIUS port
- Shared secret — Case-sensitive password that is the same on the WatchGuard Cloud authentication domain and on the RADIUS server
- Authentication methods — Configure your RADIUS server to allow the authentication method your Firebox uses, such as PAP or EAP-MSCHAPv2
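Why the shared secret must match exactly, case included, for PAP: this added example (not WatchGuard code) implements the User-Password hiding defined in RFC 2865 section 5.2, where the RADIUS client masks the password with MD5 of the shared secret and the server reverses it with its own copy. The password, secrets, and authenticator are constructed sample values, and the function names are hypothetical.

```python
"""RFC 2865 section 5.2 User-Password hiding, as used for RADIUS PAP."""
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS client side: build the User-Password attribute value."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1 to 128 bytes")
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # null-pad to 16n
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # Keystream block = MD5(shared secret + previous ciphertext block)
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden

def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS server side: recover the password with its own copy of the secret."""
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("malformed User-Password or authenticator")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")

# Constructed sample values (not from any real deployment).
PASSWORD = b"correct horse battery"        # 21 bytes, so two 16-byte blocks
CLIENT_SECRET = b"Example-Shared-Secret"   # hypothetical secret on the client
AUTHENTICATOR = bytes(range(16))           # fixed here; random per request in practice

def demo() -> dict:
    hidden = pap_hide(PASSWORD, CLIENT_SECRET, AUTHENTICATOR)
    return {
        "attribute_length": len(hidden),
        "same_secret_ok": pap_reveal(hidden, CLIENT_SECRET, AUTHENTICATOR) == PASSWORD,
        # Server configured with the same text in a different case
        "case_mismatch_ok": pap_reveal(hidden, CLIENT_SECRET.lower(), AUTHENTICATOR) == PASSWORD,
    }

if __name__ == "__main__":
    print(demo())
```

With a mismatched secret the server recovers different bytes, so a correct user password is still rejected. The same construction means the password's protection in transit rests entirely on the shared secret.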
Configure RADIUS Authentication for a Cloud-Managed Firebox
To use RADIUS server authentication with a cloud-managed Firebox, you must:
- Add the IP address of the Firebox to the RADIUS server, to configure the Firebox as a RADIUS client.
- Add the RADIUS server to a WatchGuard Cloud authentication domain, and specify the server IP address and shared secret. For more information, see Add an Authentication Domain to WatchGuard Cloud.
- If you have a backup RADIUS server, add it to the same authentication domain. For more information, see Add Servers to an Authentication Domain.
- Add users or groups to the authentication domain. For more information, see Add Users, Groups, and Devices to an Authentication Domain.
- Add the authentication domain to the Firebox configuration. For more information, see Add an Authentication Domain to a Firebox.
- Select the user or group names in Firebox policies. For more information, see Configure the Source and Destination in a Firewall Policy.