Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Using RADIUS Agent for Transparent User Identification > Processing RADIUS traffic
Processing RADIUS traffic
Using RADIUS Agent | Web Protection Solutions |v8.2.x, v8.3.x
RADIUS Agent acts as a proxy that forwards RADIUS messages between one or more RADIUS clients and RADIUS servers. Rather than authenticating users directly, RADIUS Agent identifies remote users authenticated by a RADIUS server and associates them with IP addresses to enable policy enforcement and reporting.
RADIUS Agent captures and processes RADIUS protocol packets of the following types:
*
Access-Request: Sent by a RADIUS client to request authorization for a network access connection attempt.
*
Access-Accept: Sent by a RADIUS server in response to an Access-Request message; tells the RADIUS client that the attempted connection is authorized and authenticated.
*
Access-Reject: Sent by a RADIUS server in response to an Access-Request message; tells the RADIUS client that the attempted connection is rejected.
*
Accounting-Stop-Request: Sent by a RADIUS client to tell the RADIUS server to stop tracking activity for a specific user.
Each RADIUS message packet contains attributes that describe the connection attempt, such as user name, password, and IP address of an access server. RADIUS Agent stores user name-to-IP-address pairings in a user map, and provides this information to Filtering Service.
If your RADIUS client supports accounting (user logon tracking), and accounting is enabled, RADIUS Agent is able to extract more details about user logon sessions from the RADIUS messages it receives.
For example, if there is no static IP address for an authenticated remote user, a dynamic IP address is assigned to that user. RADIUS Agent receives the dynamic IP address via an accounting request from the RADIUS client, and then records the resulting user name/IP address entry in its user map.
Stop accounting requests tell the RADIUS server to stop tracking logon activity for a particular user. The stop accounting request process is as follows:
1.
RADIUS Agent receives a RADIUS stop accounting message.
2.
RADIUS Agent extracts the user name and IP address from the request, and tells the RADIUS Agent service to remove the matching entry from its map.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Using RADIUS Agent for Transparent User Identification > Processing RADIUS traffic
Copyright 2016 Forcepoint LLC. All rights reserved.