
SOPHOS+UniFi Windows NPS Authentication

Hi,

I have a RADIUS server working fine with no issues (without firewall integration). I have my lab set up as follows:
Perimeter firewall (SOPHOS) working as DHCP IP distributor
HP switches (VLAN concept configured)
UniFi access point
Windows AD + DNS in a server
Windows NPS + ADCS in another server

I created a self-signed certificate and configured my UniFi AP, firewall and HP switch accordingly to distribute IPs based on Corporate Network and Guest users. It is working fine with no issues. Since UniFi does not have the option of "Simultaneous Login Restriction", I opted to configure it using the firewall.

I added my RADIUS server details in my firewall under the "Authentication ---> Server & Services" options, and in the NPS server under RADIUS Clients I added my firewall IP, which is 192.168.172.1; my UniFi AP IP is 192.168.172.55 (static IP). The "Test Connection" in the firewall also succeeded.

When a user tries to connect to the WiFi SSID of my UniFi, it halts with "Authentication Pending". When I check the NPS event log, it shows "Event ID 13: A RADIUS message was received from the invalid RADIUS client 192.168.172.55". Can anyone please help me to complete this?



  • Hi,

    Have you set up Connection Request Policies for Wireless Connection?

    I also set up my RADIUS auth by following this guide and everything works. For sure, to connect my XG to user RADIUS auth I have my XG as a RADIUS client and each UniFi AP as a RADIUS client.

    Here are my auth conditions:

    For sure, when Sophos is a RADIUS client you can only auth users on the XG, not on UniFi (directly to WiFi); UniFi has to have its own config on the server, as you mention in the screens.

  • Thanks for the reply. When I enable both the UniFi AP and the Sophos XG as RADIUS clients and configure the NAS Port Type to Wireless - Other OR Wireless IEEE 802.11, WiFi gets connected successfully. I am not sure which one is authorizing here, the firewall or the AP?

    The major purpose of this setting is to "Restrict Simultaneous Login Authentication" using Sophos XG, since UniFi does not have such an option.
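
The Event ID 13 quoted in the question names 192.168.172.55, the UniFi AP, as the sender NPS rejected, so the AP itself has to be listed as a RADIUS client. As an added example (not part of the thread), this PowerShell function tallies Event 13 senders and reports whether each one is registered now; the function name and sample data are constructed, and the commented live query assumes the NPS PowerShell module and that Event 13 is logged to the System log by the NPS source.

```powershell
# Added example: reconcile NPS Event ID 13 senders against configured RADIUS clients.
# Get-UnregisteredRadiusSender is a hypothetical helper name, not an NPS cmdlet.
function Get-UnregisteredRadiusSender {
    param(
        [string[]]$EventMessage,   # message text of NPS Event ID 13 entries
        [string[]]$ClientAddress   # Address values of the configured RADIUS clients
    )
    # Accepts the wording quoted in the thread, with or without "IP address".
    $pattern = 'invalid RADIUS client (?:IP address )?(\d{1,3}(?:\.\d{1,3}){3})'

    $EventMessage |
        ForEach-Object { if ($_ -match $pattern) { $Matches[1] } } |
        Group-Object |
        ForEach-Object {
            [pscustomobject]@{
                SenderIP      = $_.Name
                Rejected      = $_.Count
                # True once the sender has been added as a RADIUS client.
                RegisteredNow = $ClientAddress -contains $_.Name
            }
        }
}

# Constructed sample data: the firewall is registered, the AP is not.
$sampleClients = @('192.168.172.1')
$sampleEvents  = @(
    'A RADIUS message was received from the invalid RADIUS client 192.168.172.55',
    'A RADIUS message was received from the invalid RADIUS client 192.168.172.55'
)
Get-UnregisteredRadiusSender -EventMessage $sampleEvents -ClientAddress $sampleClients

# On the NPS server itself (assumptions stated in the lead-in):
# $events  = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NPS'; Id = 13 } |
#            Select-Object -ExpandProperty Message
# $clients = Get-NpsRadiusClient | Where-Object Enabled |
#            Select-Object -ExpandProperty Address
# Get-UnregisteredRadiusSender -EventMessage $events -ClientAddress $clients
```

A client registered by DNS name rather than IP address will show as not registered in this comparison, so resolve such names before passing them in.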
