Configuring RADIUS for SonicOS Standard

Policy Configuration : Configuring Users in SonicOS Standard

Configuring RADIUS for SonicOS Standard

If you selected Use RADIUS for user authentication, you must now configure RADIUS information.

To configure RADIUS, complete the following steps:

1

Expand the Users tab and click on RADIUS.

2

Define the number of times the SonicWALL attempts to contact the RADIUS server in the RADIUS Server Retries field. If the RADIUS server does not respond within the specified number of retries, the connection is dropped. This field can range between 0 and 10, however 3 RADIUS server retries is recommended.

3

Define the RADIUS Server Timeout in Seconds. The allowable range is 1-60 seconds with a default value of 5.

RADIUS Servers

1

Specify the following setting for the primary RADIUS server in the Primary Server section:

•

Type the IP address of the RADIUS server in the IP Address field.

•

Type the Port Number for the RADIUS server.

•

Type the RADIUS server administrative password or “shared secret” in the Shared Secret field. The alphanumeric Shared Secret can range from 1 to 31 characters in length. The shared secret is case sensitive.

2

If there is a secondary RADIUS server, type the appropriate information in the Secondary Server section.

RADIUS Users

1

Configure the following privileges for all RADIUS users:

•

Allow Internet Access (when access is restricted)—enables the users to access the Internet when Internet access is restricted to authorized users only.

•

Bypass Filters—enables Bypass Filters if the user can bypass Content Filtering settings.

•

Access to VPNs—enables the users to send information over the VPN Security Associations.

•

Access from VPN Client with XAUTH—use if a VPN client is using XAUTH for authentication.

•

Access L2TP Client from VPN Client—enables the user to connect using an L2TP client through a secure VPN tunnel.

•

Wireless Guest Service—allows access (after RADIUS authentication) for Wireless Guest Services users.

•

Easy WGS MAC Filtering—enables (and enforces) MAC address filtering for wireless guest service-enabled connections.

•

Limited Management—allows authorized users limited local management access to the SonicWALL interface. Access is limited to the General page (Status, Network, Time), the Log page (View Log, Log Settings, Log Reports), and the Tools page (Restart, Diagnostics minus Tech Support).

•

Allow Only Users Listed Locally—Disallows access to RADIUS users, except for those with duplicate local credentials.

RADIUS Client Test

To test your RADIUS Client user name and password, complete the following steps:

1

Navigate to the Diagnostics > Network page.

2

Enter a valid user name in the User field, and the password in the Password field.

3

Click RADIUS Client Test.

If the validation is successful, the Status messages changes to Success. If the validation fails, the Status message changes to Failure. After the SonicWALL has been configured, a VPN Security Association requiring RADIUS authentication prompts incoming VPN clients to type a User Name and Password into a dialogue box.