In this topic, you will learn how to configure advanced options for cloud RADIUS servers in Portnox™ Cloud.
Before you begin, you must have an active cloud RADIUS server in Portnox Cloud. To create a cloud RADIUS server, read the
following topic: Create cloud RADIUS servers.
Settings described in this topic are optional and allow you to have more control over your RADIUS servers.
- In the Cloud portal top menu, click on the Settings option.
- In the Cloud portal left-hand side menu, click on the option.
  The right-hand pane shows the list of active servers.
- Edit the security options for active RADIUS servers.
  - Click on the selected RADIUS server to show its configuration.
  - Click on the Edit link on the right-hand side.
  - Click on the Enable RADIUS over TLS (RadSec) checkbox to activate it, if you want to allow your NAS devices to communicate with the selected RADIUS server using RadSec.
  - If you enabled RADIUS over TLS, click on the Download root certificate link on the right-hand side to download the root certificate file.
    You must copy this root certificate to NAS devices that support RadSec so they can communicate with the RADIUS server.
  - In the RESTRICT ACCESS TO CLEAR RADIUS SERVICE section, you can change the setting from the default Allow access from any IP address to Allow access only from the following IP addresses.
    If you select this option, only the NAS devices with the listed public IP addresses or ranges will be able to communicate with this RADIUS server.
  - If you selected the Allow access only from the following IP addresses option, click on the Add new IP addresses to Permitted list link and in the IP Address or CIDR IP Address range field, enter the IP address or the IP address range in the CIDR format, and click on the Add button.
  - If you want to remove a selected IP address or range, click on the Remove link on the right-hand side of the IP address or range.
  - Click on the Save button to save your changes or click on the Cancel button to abandon all changes.
    After you click on one of the buttons, Portnox Cloud will exit the edit mode.
- Manage the RADIUS anti-flood protection.
  - If you suspect your devices are blocked due to excessive activity, click on the Blocked devices for excessive activity link.
    Your browser will open the BLOCKED DEVICES FOR EXCESSIVE ACTIVITY screen.
  - Select checkboxes next to blocked devices and click on the Unblock button to unblock.
  - When finished, click on the Back button in the top-right corner.
- Configure RADIUS forwarding rules.
  RADIUS forwarding rules let you redirect selected RADIUS requests to other RADIUS servers.
  To configure RADIUS forwarding rules, read the following topic: Configure RADIUS forwarding rules.
- Modify the advanced configuration.
  At the moment, the Advanced configuration section only has one option.
  - Click on the Advanced configuration heading.
    Your browser will show advanced configuration options under the Advanced configuration heading.
  - Click on the Edit link to edit advanced configuration options.
  - Select the Use Radius request's public IP for NAS detection during VPN authentication checkbox to activate this option.
    If you turn this option on, the cloud RADIUS server will use the public IP address from the incoming RADIUS request to identify the NAS from which the VPN authentication is being initiated. This can be useful in scenarios where the NAS is located behind a NAT device or a load balancer.
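
A pre-check for the Permitted list described in the RESTRICT ACCESS TO CLEAR RADIUS SERVICE steps, as an added example that is not part of the Portnox documentation or product. It assumes the restriction behaves as plain IP-in-range matching and reports entries that are malformed, non-public or broad, plus the NAS public IPs that would be locked out; the function name, the 256-address threshold and all sample addresses are constructed for illustration.

```python
import ipaddress

# Ranges that cannot be a NAS's public source address
# (RFC 1918, CGNAT, loopback, link-local).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

def review_permitted_list(entries, nas_public_ips, max_addresses=256):
    """Return (networks, findings, locked_out) for a planned Permitted list.

    Hypothetical helper: matching is assumed to be simple containment.
    """
    networks, findings = [], []
    for entry in entries:
        text = entry.strip()
        try:
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            try:
                # strict=False only relaxes the host-bits check.
                net = ipaddress.ip_network(text, strict=False)
            except ValueError:
                findings.append((entry, "not an IP address or CIDR range"))
                continue
            findings.append((entry, f"host bits set; range is actually {net}"))
        if any(net.overlaps(r) for r in NON_PUBLIC):
            findings.append((entry, "overlaps a non-public range"))
        if net.num_addresses > max_addresses:
            findings.append((entry, f"broad range: {net.num_addresses} addresses"))
        networks.append(net)
    # A NAS is locked out when its public IP falls in none of the listed ranges.
    locked_out = [ip for ip in nas_public_ips
                  if not any(ipaddress.ip_address(ip) in n for n in networks)]
    return networks, findings, locked_out

# Constructed sample data: documentation ranges stand in for real public IPs.
SAMPLE_ENTRIES = ["198.51.100.7", "203.0.113.10/24", "192.168.1.0/24", "office-fw"]
SAMPLE_NAS_IPS = ["198.51.100.7", "203.0.113.77", "192.0.2.50"]

if __name__ == "__main__":
    nets, findings, locked = review_permitted_list(SAMPLE_ENTRIES, SAMPLE_NAS_IPS)
    for entry, problem in findings:
        print(f"CHECK   {entry}: {problem}")
    for ip in locked:
        print(f"LOCKOUT {ip}: not covered by any listed range")
```

Run it against the planned entries before switching away from Allow access from any IP address, so that a NAS missing from the list is found before it loses access.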