RADIUS Question

Is it possible to have a backup RADIUS server at an alternate location that is connected by BOVPN?

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @waynoh

    So long as the firebox has a route to that server, that shouldn't be a problem.

    Note that you may need to write a rule to apply the IP address that you want the firebox to access that remote RADIUS server via. By default the firebox will source traffic that is destined to networks that it doesn't own via the first available IP address from the lowest numbered external interface.

    See:
    (Configure Policies for Firebox-Generated Traffic)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/policies_firebox_generated_traffic_configure.html

    You can create a policy and, using the advanced options in NAT, set the source IP you want the traffic to be from (usually the IP address of your trusted network).

    -James Carson
    WatchGuard Customer Support

  • Thanks for getting back to me, still a little confused, there is a route to that server, see below:

    But the report to that BOVPN returns this on that route:

  • Do you have a policy, such as an equivalent BOVPN-Allow-in, to allow this traffic in?

  • Yes, it was generated when setting up the BOVPNs.

  • Are you seeing denies for this traffic?
    Odd that the BOVPN report thinks that this traffic is being denied if that is not the case.
