WAF with radius authentication issue

I have been using UTM 9 for quite a while and had set up WAF with RADIUS authentication via Duo (duoauthproxy) with a form authentication page and it has worked well.

I am testing XG 17.5 and set it up the same way. I have the Firewall authentication set up for the RADIUS server. I get prompted on my phone to OK the Duo request as expected, but then I get a steady stream of requests to approve (every second or two) while the page is loading. The first attempt is successful, but all future attempts fail:

 

date=2018-12-20 time=02:15:48 timezone="CST" device_name="SFVH" device_id=xxxx log_id=065010617707 log_type="Event" log_component="Web Application Firewall" log_subtype="Authentication" status="Successful" priority=Information user_name="xxxx" usergroupname="" auth_client="WAF" auth_mechanism="RADIUS" reason="" src_ip=x.x.x.x message="User xxxx logged in successfully to WAF through RADIUS authentication mechanism" name="" src_mac=

date=2018-12-20 time=02:15:49 timezone="CST" device_name="SFVH" device_id=xxxx log_id=065010517708 log_type="Event" log_component="Web Application Firewall" log_subtype="Authentication" status="Failed" priority=Notice user_name="xxxx" usergroupname="" auth_client="WAF" auth_mechanism="RADIUS" reason="wrong credentials" src_ip=x.x.x.x message="User xxxx failed to login to WAF through RADIUS authentication mechanism because of wrong credentials" name="" src_mac=

 

RADIUS is working well with SSL VPN as expected. It seems to me the WAF is not working as it should. If I use local authentication, WAF works fine. It only balks at RADIUS for some reason. I may test a different RADIUS server (bypass duoauthproxy) and if I do I will post an update.

 

I am a rather advanced home user (I've managed a lot of infrastructure professionally), but just can't crack this nut.  Can anyone help?  I am willing to post screenshots, I just did not want to junk up the first post unnecessarily if this is a known bug or something.  I did see another post similar, but not quite the same.



  • Update:  I tested bypassing my duoauthproxy and I was allowed to get in.  However - I had 45 login attempts from the WAF just to load a single page.

    This doesn't seem appropriate to me.

    I created an index page with only Hello World! (no HTML, just the text), and set it to bypass duoauthproxy. It allowed me in without issue, but it still attempted two authentications. Using Duo, the second auth fails. I am using PUSH with Duo, but even appending the passcode it fails (cannot use the same passcode multiple times).

    Everything looks the same between the UTM settings and the XG settings.  Any other ideas why the WAF module is requesting so many authentications?
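
One way to measure the repeated-authentication pattern reported in this thread from the firewall log itself, as an added example that is not part of the original posts and is not Sophos code: it parses key=value lines in the layout of the excerpts above and groups WAF RADIUS events per user and source IP. The sample lines, user names, addresses, the `Local` mechanism value and the 5-second gap are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not from the thread); same key=value layout, fewer fields.
SAMPLE_LOG = [
    'date=2018-12-20 time=02:15:48 log_subtype="Authentication" status="Successful" user_name="alice" auth_client="WAF" auth_mechanism="RADIUS" reason="" src_ip=192.0.2.10 src_mac=',
    'date=2018-12-20 time=02:15:49 log_subtype="Authentication" status="Failed" user_name="alice" auth_client="WAF" auth_mechanism="RADIUS" reason="wrong credentials" src_ip=192.0.2.10 src_mac=',
    'date=2018-12-20 time=02:15:51 log_subtype="Authentication" status="Failed" user_name="alice" auth_client="WAF" auth_mechanism="RADIUS" reason="wrong credentials" src_ip=192.0.2.10 src_mac=',
    'date=2018-12-20 time=02:20:00 log_subtype="Authentication" status="Successful" user_name="bob" auth_client="WAF" auth_mechanism="RADIUS" reason="" src_ip=192.0.2.20 src_mac=',
    'date=2018-12-20 time=02:20:01 log_subtype="Authentication" status="Successful" user_name="bob" auth_client="WAF" auth_mechanism="Local" reason="" src_ip=192.0.2.20 src_mac=',
]

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_line(line):
    """Split one log line into a dict; quoted values may contain spaces."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def auth_bursts(lines, gap=timedelta(seconds=5), min_events=2):
    """Group WAF RADIUS auth events per (user, source IP) into runs whose
    consecutive events are at most `gap` apart; return runs of min_events or more."""
    by_client = defaultdict(list)
    for fields in map(parse_line, lines):
        if (fields.get("auth_client"), fields.get("auth_mechanism")) != ("WAF", "RADIUS"):
            continue
        ts = datetime.strptime(f'{fields["date"]} {fields["time"]}', "%Y-%m-%d %H:%M:%S")
        by_client[(fields["user_name"], fields["src_ip"])].append((ts, fields["status"]))
    bursts = []
    for (user, ip), events in by_client.items():
        events.sort()
        runs = [[events[0]]]
        for ev in events[1:]:
            if ev[0] - runs[-1][-1][0] <= gap:
                runs[-1].append(ev)      # still inside the same burst
            else:
                runs.append([ev])        # quiet period: start a new run
        for run in runs:
            if len(run) >= min_events:
                bursts.append({"user": user, "src_ip": ip, "start": run[0][0],
                               "attempts": len(run),
                               "failed": sum(s == "Failed" for _, s in run)})
    return bursts

if __name__ == "__main__":
    for burst in auth_bursts(SAMPLE_LOG):
        print(burst)
```

A run with one success followed by failures seconds apart matches the symptom in the log excerpts; comparing `attempts` against the number of RADIUS requests the proxy received shows whether every WAF request triggered its own authentication.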
