Configuring RADIUS Dynamic Authorization
Before you begin:
- Only one interface can be configured in the security zone or interface group if it is referenced in a RADIUS server.
- A RADIUS server with dynamic authorization enabled requires Secure Firewall Threat Defense 6.3 or later for dynamic authorization to work.
- Interface selection in the RADIUS server is not supported on Secure Firewall Threat Defense 6.2.3 or earlier versions. The interface option will be ignored during deployment.
- Threat Defense posture VPN does not support group policy change through dynamic authorization or RADIUS change of authorization (CoA).

| | Do This | More Info |
|---|---|---|
| Step 1 | Log on to your Secure Firewall Management Center web interface. | |
| Step 2 | Configure a RADIUS server object with dynamic authorization. | |
| Step 3 | Configure a route to the ISE server through an interface enabled for change of authorization (CoA) to establish connectivity from threat defense to the RADIUS server through routing or a specific interface. | |
| Step 4 | Configure a remote access VPN policy and select the RADIUS server group object that you have created with dynamic authorization. | |
| Step 5 | Configure the DNS server details and domain-lookup interfaces using the Platform Settings. | |
| Step 6 | Configure a split tunnel in the group policy to allow DNS traffic through the remote access VPN tunnel if the DNS server is reachable through the VPN network. | |
| Step 7 | Deploy the configuration changes. | |