Device > Server Profiles > RADIUS
Select or to configure settings
for the Remote Authentication Dial-In
User Service (RADIUS) servers that authentication profiles reference
(see Device
> Authentication Profile). You can use RADIUS to authenticate
end users who access your network resources (through GlobalProtect
or Captive Portal), to authenticate administrators defined locally
on the firewall or Panorama, and to authenticate and authorize administrators
defined externally on the RADIUS server.
for the Remote Authentication Dial-In
User Service (RADIUS) servers that authentication profiles reference
(see Device
> Authentication Profile). You can use RADIUS to authenticate
end users who access your network resources (through GlobalProtect
or Captive Portal), to authenticate administrators defined locally
on the firewall or Panorama, and to authenticate and authorize administrators
defined externally on the RADIUS server.RADIUS Server Settings | Description |
|---|---|
Profile Name | Enter a name to identify the server profile
(up to 31 characters). The name is case-sensitive and must be unique.
Use only letters, numbers, spaces, hyphens, and underscores. |
Location | Select the scope in which the profile is
available. In the context of a firewall that has more than one virtual
system (vsys), select a vsys or select Shared (all
virtual systems). In any other context, you can’t select the Location ;
its value is predefined as Shared (firewalls ) or as Panorama.
After you save the profile, you can’t change its Location . |
Administrator Use Only | Select this option to specify that only
administrator accounts can use the profile for authentication. For
firewalls that have multiple virtual systems, this option appears
only if the Location is Shared . |
Timeout | Enter an interval in seconds after which
an authentication request times out (range is 1 to 120; default
is 3). If you use the RADIUS server
profile to integrate the firewall with an MFA service, enter an
interval that gives users enough time to respond to the authentication
challenge. For example, if the MFA service prompts for a one-time
password (OTP), users need time to see the OTP on their endpoint
device and then enter the OTP in the MFA login page. |
Authentication Protocol | Select the Authentication Protocol that
the firewall uses to secure a connection to the RADIUS server:
|
Retries | Enter the number of automatic retries following
a timeout before the request fails (range is 1 to 5; default is
3). |
Servers | Configure information for each server in
the preferred order.
|
