In the DualShield authentication server we need to create a RADIUS application which will be used for the two-factor authentication in NetMotion Mobility XE. An application in DualShield needs a logon procedure which defines how users will be authenticated when they attempt to logon to the application.

Create a Logon Procedure

  1. Login to the DualShield Management Console
  2. In the main menu, select “Authentication | Logon procedure”
  3. Click the “Create” button on the toolbar
  4. Enter “Name” and select “RADIUS” as the type



  5. Click “Save”
  6. Click the Context Menu icon of the newly create logon procedure, select “Logon Steps”
  7. In the popup windows, click the “Create” button on the toolbar
  8. Select the “Static Password” as the authenticator



  9. Click "Save"

Create a Application 

  1. In the main menu, select “Authentication | Applications”
  2. Click the “Create” button on the toolbar
  3. Enter “Name”
  4. Select “Realm”
  5. Select the logon procedure that was just created



  6. Click “Save”
  7. Click the context menu of the newly created application, select “Agent”



  8. Select the DualShield Radius server, e.g. ”Local Radius Server”
  9. Click “Save”
  10. Click the context menu of the newly created application, select “Self Test”

Certificates Configuration

As the authentication protocol between NetMotion server and DualShield Radius server is Radius and the method is EAP/PEAP, we need a SSL server certificate for the DualShield Radius server.

In the production environment, you will need to provide a commercial SSL certificate for your DualShield Radius server.

  1. In main menu, select “Repository | Certificate Management | Server Certificates”
  2. Click "Import" button on the toolbar



  3. Enter a description,
  4. Upload your SSL server certificate in the PFX format
  5. Enter the password of the certificate
  6. Press "Save"

In a test environment, however, you can create your own CA and issue a SSL certificate for DualShield Radius server. Please note, if you use a self-issued certificate by your own CA, then you must download & install your CA certificate onto the client PC in the Trusted Root certificate folder. 

Certificate Authority 

  1. In main menu, select “Repository | Certificate Management | Certificate Authority”
  2. Click “Create” in the toolbar
  3. Fill in the form



  4. Click "Save"

SSL Certificate 

To create a SSL certificate,

  1. In main menu, select “Repository | Certificate Management | Server Certificates”
  2. Click “Create” in the toolbar

  3. Select the CA created in the previous step
  4. Fill in the form
  5. Click “Save” 

Register Radius Client 

We need to register NetMotion server as a Radius client in DualShield

  1. In the main menu, select “RADIUS | Clients”
  2. Click the “Register” button on the toolbar



  3. Select the application that was created in the previous steps
  4. Enter NetMotion Server’s IP in the IP address
  5. Enter the Shared Secret which will be used later in the NetMotion Server.
  6. Click “Save”

Configure Radius Server

  1. In the main menu, select “RADIUS | Server”
  2. Click the context menu of the Radius Server, select “EAP options”
  3. Select the “General” tab. In the "Default EAP Type" box select "PEAP"



  4. Select the "TLS" tab. In the "Server Certificate" box select the SSL certificate to be used as the RADIUS server certificate. The SSL server certificate must include its private key. If device authentication is required then in the "Trusted Certificate Authorities" box you must also provide the CA certificates that were used to issue the client certificate, otherwise you can leave it empty.



  5. Select the "PEAP" tab. In the "Default Inner EAP Type" box select "GTC"



  6. Select the "GTC" tab. In the "Default Challenge" box leave it be "Password:"



  7. Click "Save"