none
Forward Radius Accounting to Firewall from NPS-Server 2012 RRS feed

  • Question

  • Hi,

    We are configuring radius SSO authentication for Sophos XG Firewall.We have Windows server 2012 as NPS server(Radius Server).For the wireless authentication at the Firewall We need to forward accounting information from radius server to Sophos XG Firewall.How to forward radius accounting from NPS ?

    Monday, June 17, 2019 8:08 AM

All replies

  • Hi,

    You can configure NPS proxy on windows server.

    Please refer to the link below:

    https://community.sophos.com/kb/en-us/132912 

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, June 18, 2019 2:35 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, June 19, 2019 7:08 AM
    Moderator
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, June 28, 2019 1:35 AM
    Moderator
  • Thanks for the reply.Provided KB article is about Sophos Access points .But in this environment We have juniper access points & WLC.We did configure NPS as radius proxy & send the accounting information to XG firewall.Now some of  users are authenticated at firewall & some of users are not.But the same time accounting logs are created on NPS server without any issue.Is this occurs because of load balancing at NPS ? Can we do that without proxy or load balancing ?  

    Please note that NPS is both radius server & radius proxy.Under the Server Group ,only one member(XG firewall) and priority set to 2. 

    • Edited by kalzi89 Friday, June 28, 2019 9:07 AM
    Friday, June 28, 2019 7:04 AM
  • Hi,

    Firstly, How did you configure the authentication provider on AP and WLC, NPS server or XG firewall?

    On XG firewall, it can't authenticate user accounts because it can't connect to DC. So we need NPS proxy to forward the authentication to windows Radius server.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, June 28, 2019 9:10 AM
    Moderator
  • Hi,

    On WLC NPS server is the authentication & accounting server.ON NPS We created Remote radius server group added XG as member.XG is only member here.Then created connection request policy & forwarded accounting to particular radius server group(XG)..

    Priority set to 2. If we set it to 1 then it didn't work.

    On XG we added radius SSO client as NPS.At XG we added DC as authentication server.Radius users are showing at XG firewall.When I connect device to wifi,sometimes its showing at XG & sometimes it's not.

    We are followed below article.

    https://schoolzone.familyzone.com/support/solutions/articles/5000734367-how-to-forward-accounting-packets-to-sonar

    Friday, June 28, 2019 9:39 AM
  • Hi,

    At XG we added DC as authentication server. 

    Since the XG firewall can use DC to authenticate, why do you need the windows NPS server?

    You can configure XG firewall as NPS on WLC.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, July 1, 2019 6:33 AM
    Moderator
  • Hi,

    But at XG,We cannot configure radius server itself.We can add  3rd party radius server.Only can be configure as radius client.

    Monday, July 1, 2019 9:27 AM
  • Hi,

    On WLC NPS server is the authentication & accounting server. 

    So, you want the windows NPS server to authenticate and XG firewall to accounting.

    I am afraid it is not possible, unless you forward authentication and accounting to the XG firewall.

    Or you only use the 3rd party radius server.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, July 2, 2019 7:06 AM
    Moderator