How To Configure RADIUS Server Profile and Add it to an Authentication Profile

How To Configure RADIUS Server Profile and Add it to an Authentication Profile

12978
Created On 02/06/19 07:33 AM - Last Updated 04/09/19 22:44 PM


Objective
  • Setup the RADIUS PEAP-MSCHAPV2 server profile
  • Add Server Profile to an Authentication Profile for GP Portal and/or Gateway, and/or Captive Portal


Environment
  • PEAP-MSCHAPV2 Authentication can only be configured on PANOS 8.1 or later


Procedure
  1. Click Device > Certificates to import the CA certificate in which the NPS server is using for PEAP-MSCHAPV2 communication.
  • Make sure the CA or self signed certificate is imported on the firewall that is being used by your NPS server for PEAP-MSCHAPv2 RADIUS authentication.

User-added image

     

     

    1. Navigate to Device > Certificate Profile to add a certificate profile for the RADIUS Server. 

     

    User-added image
     

    1. Click Device > Server Profile and Add a RADIUS Server profile. Make sure to Select the correct Authentication Protocol, Certificate Profile, and RADIUS Server information

    User-added image

     

    • Now we will create a authentication profile so we can apply the Server profile for RADIUS authentication. 
    1. Click Device > Authentication Profile and Click Add.
    2. Give the profile a name, Select Type from drop-down as RADIUS,
    3. Under Server Profile drop-down menu select the RADIUS profile we created above.
    4. Under User Domain, define the user domain and leave all other settings default.
    5. Click OK to save and Commit the configuration. 

     

    User-added image
     

    • Now this profile can be applied to an authentication sequence, Global protect Portal or Gateway, Admin authentication, or captive portal. 
    • Below is an example to apply the authentication profile to Global Protect Portal and Gateway

    User-added image

    User-added image




     



    Actions
    • Print
    • Copy Link

      https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmkRCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

    Attachments