Configuring User Portal authentication on Sophos Firewall using Radius Server the instruction

1 Overview

Radius is a popular protocol to support user authentication to increase security in the Active directory network model. Today Thegioifirewall will guide you through the steps of implementing Radius model to authenticate users accessing User Portal on Sophos Firewall.

2 Steps to take

2.1 Diagram

The model includes a Window server as a Radius server, located at the vlan2 layer.

The User Computer is located at the VLAN10 layer.

Sophos Firewall with default gateway vlan 2 and vlan 10 connects to Server Radius and User Computer through Trunk port.

2.2 Configuration steps

To build the model we need to configure the following components:

  • Configure Network Policy Service and Radius service for Server
  • Configure Radius connection on Firewall
  • Check the result

2.2.1 Configure Network Policy Service and Radius service for Server

To configure Radius server we need to install Role Network Policy and Access Services

Select Role and click Next to install.

Continue next to skip and select Install to install.

After the installation is complete, we go to Network Policy Server.

In the Radius Client section, right-click and select new

Create a Radius Client. Name the client in the Friendly name section, Here the client is Sophos Firewall, so we configure the IP on Sophos Firewall’s VLAN2 Port, enter the Share Secret for the client and click OK.

In the Connection Request Policies section. We right click and choose new.

Name this policy in the Policy name section and select next.

In the Condition section, select add

Select add in the Access Client IPV4 address section and enter the Firewall vlan2 IP address, select OK.

Click next.

Click next.

In the Authentication methods section. We select as shown and click next.

Select No to skip.

Click next.

Click Finish.

Next, in the Network Policy section, right-click and select new.

Enter a name for the Policy name entry. Click next.

In the Condition section, select add

In the Window Groups section, select add and add the group used for logging in here. Click ok.

Click next.

Select Access Granted. Select next.

Check the box as shown in the Authentication methods section. Select next.

Select No to skip.



Click finish to finish.

So we have finished configuring the Network Policy Service section

2.2.2 Configure Radius connection on Firewall

At Firewall, we configure the connection to the Radius Server and allow authentication by Radius.

We go to Authentication >> Servers >> Select Add to create a connection.

Select Type as RADIUS server.

Server ip: ip of Radius server.

Share secret: the key that we created earlier at the server.

Domain name: the domain of the server.

Group name attribute: the group name selected in the above NPS configuration section.

Then press save.

Test connection: check the Firewall connection with Radius server

We click on Test Connection and fill in user information in AD.

The return result is successful login.

Switch to the Services tab, we choose Radius server to authenticate for User Portal Authentication and give priority to Radius above Local. Click Apply

2.2.3 Check the result

Proceed to login to the user portal page with an account on AD.

We have successfully logged into this user’s portal page.

On the Firewall, go to Authentication >> Users and you will see that the logged in user has been created. At the same time, the default group of this new user is Open group.

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.