Versions Compared

Old Version 2

changes.mady.by.user Paul Ruvin

Saved on

compared with

New Version Current

changes.mady.by.user Paul Ruvin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Register DualShield RADIUS Server

  1. Log in to the WebAdmin interface of Sophos XG
  2. Under "Configure" Select "Authentication" from the menu on the left

  3. Select “Servers” Tab




4. Click "Add"

Choose Backend: Radius

Click on the + sign next to Server and enter

Name: DualShield

Type: Host

Address: Your DualShield Radius Server IP Address

In the Pop-Up, click Save

Enter the Shared secret

Click "Test server settings"
Image Removed
Enter a test Username and Password

Now, click “Authenticate example user”

Image Removed

Enable Auto User creation for the RADIUS users

  • Select “Definitions & Users -> Authentication Servers”
  • Select “Global Settings” Tab
  • Enable “Create users automatically”
  • Click Apply.
  • Choose “End-User Portal” and “SSL VPN”
    • Click Apply
    Image Removed

    Allow RADIUS user to access the End-User Portal

    In order to get their SSL VPN client and configuration, users have to initially log in to the End User portal. Make sure that RADIUS authenticated users are allowed to log in.

  • Select “Management -> User Portal”
    • Add the “Radius Users” group to the list of allowed users. You can choose this group by clicking on the Folder icon and drag and drop it from the list on the left. 
    Image Removed

    Allow RADIUS users to use the SSL VPN client

  • Select Remote Access -> SSL
    • Add the "Radius Users" group to the list of allowed users. You can choose this group by clicking on the Folder icon and drag and drop it from the list on the left.
    Image Removed

    Allow RADIUS users to use the HTML5 VPN portal

  • Select Remote Access -> HTML5 VPN Portal
    • Add the "Radius Users" group to the list of allowed users. You can choose this group by clicking on the Folder icon and drag and drop it from the list on the left.
    Image Removed

    Image Added

    5. Configure as follows:

    OptionValue
    Server Name:Radius server
    Server Name:Friendly name
    Server IP:Radius Server IP
    Authentication Port:1812
    Time-out:30
    Accounting port: 1813
    Shared Secret:This must match the one you specified under DualShield configuration
    Domain name:Enter your domain name
    Group name attribute:memberof


    6. Click "Test connection" and if successful click "Save"

    7. Click on the "Services" tab

    Image Added

    Image Added

    8. Enable and Apply the DualShield Radius server under User Portal and VPN and SSL VPN  authentication methods 

    9.  For SSL VPN, please make sure the option "Set authentication method for SSL VPN" is enabled.

    10.  Once the user authenticates a user account is created on Sophos XG itself.  You can view them under the "Users" tab.

    Image Added

    11.  Once created you need to add a Name and Email for the user and set the Policies