Configuring RADIUS Agent

Administrator Help | Forcepoint Web Security and Forcepoint URL Filtering | v8.5.x

Related topics:

Identifying on-premises users transparently

Manual authentication

Configuring user identification and authentication

RADIUS Agent lets you apply user and group-based policies using authentication provided by a RADIUS server. This allows transparent identification of users who access your network using a dial-up, Virtual Private Network (VPN), Digital Subscriber Line (DSL), or other remote connection.

Use the User Identification > RADIUS Agent page to configure a new instance of RADIUS Agent, as well as to configure the global settings that apply to all instances of RADIUS Agent.

To add a new instance of RADIUS Agent:

Under Basic Agent Configuration, enter the IPv4 address or hostname of the RADIUS Agent machine.


	Note Machine names must start with an alphabetical character (a-z), not a numeric or special character. Machine names containing certain extended ASCII characters may not resolve properly. In non-English environments, enter an IP address instead of a name.

Enter the Port that RADIUS Agent should use to communicate with other web protection components (30800, by default).

To establish an authenticated connection between Filtering Service and RADIUS Agent, mark Enable authentication, and then enter a Password for the connection.

Next, customize global RADIUS Agent settings. By default, changes that you make here affect all RADIUS Agent instances. Settings marked with an asterisk (*), however, can be overridden in an agent's configuration file to customize the behavior of that agent instance (see the Using RADIUS Agent for Transparent User Identification technical paper).

Under RADIUS Server, enter the RADIUS server address or name. If you provide the IP address, use IPv4 address format.

RADIUS Agent forwards authentication requests to the RADIUS server, and must know the identity of this machine.

If your network includes a RADIUS client, enter the RADIUS client address or name. If you provide the IP address, use IPv4 address format.

Web protection software queries this machine for user logon sessions.

Enter the User entry timeout interval, used to determine how often RADIUS Agent refreshes its user map. Typically, the default query value (24 hours) is best.

Use the Authentication Ports and Accounting Ports settings to specify which ports RADIUS Agent uses to send and receive authentication and accounting requests. For each type of communication, you can specify which port is used for communication between:

RADIUS Agent and the RADIUS server (authentication default 1645; accounting default 1646)

RADIUS Agent and the RADIUS client (authentication default 12345; accounting default 12346)

When you are finished making configuration changes, click OK to return to the Settings > User Identification page, then click OK again to cache your changes. Changes are not saved until you click Save and Deploy.

For information about configuring your RADIUS client and RADIUS server to communicate with RADIUS Agent, see the Using RADIUS Agent for Transparent User Identification technical paper.