How To Configure RADIUS Server Profile and Add it to an Authentication Profile
45187
Created On 02/06/19 07:33 AM - Last Modified 10/11/24 08:03 AM
Objective
- Setup the RADIUS PEAP-MSCHAPV2 server profile
- Add Server Profile to an Authentication Profile for GP Portal and/or Gateway, and/or Captive Portal
Environment
- PEAP-MSCHAPV2 Authentication can only be configured on PANOS 8.1 or later
Procedure
- Click Device > Certificates to import the CA certificate in which the NPS server is using for PEAP-MSCHAPV2 communication.
- Make sure the CA or self signed certificate is imported on the firewall that is being used by your NPS server for PEAP-MSCHAPv2 RADIUS authentication.
- Navigate to Device > Certificate Profile to add a certificate profile for the RADIUS Server.
- Click Device > Server Profile and Add a RADIUS Server profile. Make sure to Select the correct Authentication Protocol, Certificate Profile, and RADIUS Server information
- Now we will create a authentication profile so we can apply the Server profile for RADIUS authentication.
- Click Device > Authentication Profile and Click Add.
- Give the profile a name, Select Type from drop-down as RADIUS,
- Under Server Profile drop-down menu select the RADIUS profile we created above.
- Under User Domain, define the user domain and leave all other settings default.
- Click OK to save and Commit the configuration.
- Now this profile can be applied to an authentication sequence, Global protect Portal or Gateway, Admin authentication, or captive portal.
- Below is an example to apply the authentication profile to Global Protect Portal and Gateway