Device > Server Profiles > RADIUS
Select DeviceServer ProfilesRADIUS or PanoramaServer ProfilesRADIUS to configure settings for the Remote Authentication Dial-In User Service (RADIUS) servers that authentication profiles reference (see Device > Authentication Profile). You can use RADIUS to authenticate end users who access your network resources (through GlobalProtect or Captive Portal), to authenticate administrators defined locally on the firewall or Panorama, and to authenticate and authorize administrators defined externally on the RADIUS server.
RADIUS Server Settings
Enter a name to identify the server profile (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Select the scope in which the profile is available. In the context of a firewall that has more than one virtual system (vsys), select a vsys or select Shared (all virtual systems). In any other context, you can’t select the Location; its value is predefined as Shared (firewalls) or as Panorama. After you save the profile, you can’t change its Location.
Administrator Use Only
Select this option to specify that only administrator accounts can use the profile for authentication. For firewalls that have multiple virtual systems, this option appears only if the Location is Shared.
Enter an interval in seconds after which an authentication request times out (range is 1 to 120; default is 3).
If you use the RADIUS server profile to integrate the firewall with an MFA service, enter an interval that gives users enough time to respond to the authentication challenge. For example, if the MFA service prompts for a one-time password (OTP), users need time to see the OTP on their endpoint device and then enter the OTP in the MFA login page.
Select the Authentication Protocol that the firewall uses to secure a connection to the RADIUS server:
Enter the number of automatic retries following a timeout before the request fails (range is 1 to 5; default is 3).
Configure information for each server in the preferred order.
Configure RADIUS Authentication
Configure RADIUS Authentication You can configure RADIUS authentication for end users and firewall or Panorama administrators. For administrators, you can use RADIUS to manage authorization ...
Configure RADIUS Authentication for Panorama Administrators
Configure RADIUS Authentication for Panorama Administrators You can use a RADIUS server to authenticate administrative access to the Panorama web interface. You can also define ...
Set Up RADIUS or TACACS+ Authentication
Set Up RADIUS or TACACS+ Authentication RADIUS is a client/server protocol and software that enables remote access servers to communicate with a central server to ...
Device > Server Profiles > TACACS+
Device > Server Profiles > TACACS+ Select Device Server Profiles TACACS+ or Panorama Server Profiles TACACS+ to configure the settings that define how the firewall ...
Guidelines for Setting Authentication Server Timeouts
Guidelines for Setting Authentication Server Timeouts The following are some guidelines for setting the timeouts for firewall attempts to connect with External Authentication Services . ...
Device > Server Profiles > Multi Factor Authentication
Device > Server Profiles > Multi Factor Authentication Use this page to configure a multi-factor authentication (MFA) server profile that defines how the firewall connects ...
Configure an Authentication Profile
Authentication Profile Device > Authentication Profile Select Device Authentication Profile or Panorama Authentication Profile to manage authentication profiles. To create a new profile, Add one ...
Configure Local or External Authentication for Firewall Adm...
Configure Local or External Authentication for Firewall Administrators You can use Local Authentication and External Authentication Services to authenticate administrators who access the firewall. These ...
Configure an Authentication Profile and Sequence
Configure an Authentication Profile and Sequence An authentication profile defines the authentication service that validates the login credentials of administrators who access the firewall web ...