The Sophos Community will be unavailable from 13:00 to 18:00 UTC this Saturday, October 1st for upgrades. Stay tuned to our Twitter account @SophosSupport for updates.
This article describes setting up Radius (Windows Server 2008 R2) authentication to work with Sophos Wireless Security
Known to apply to the following Sophos product(s) and version(s)
Astaro Security Gateway
Important: The Microsoft KB articles at the bottom of this article must be followed as well for the certificates to work properly.
This article is based on using a fresh install of Windows Server 2008 R2. This has been tested using Windows Server 2008 R2 with ASG versions 8.311 and UTM 9.106 with the following Wireless Network configuration:
Encryption Mode: WPA2 Enterprise Algorithm: AES (secure) Client Traffic: Separate Zone Client Isolation: Disabled Hide SSID: Disabled
Encryption Mode: WPA2 Enterprise
Algorithm: AES (secure)
Client Traffic: Separate Zone
Client Isolation: Disabled
Hide SSID: Disabled
If you already have some of the below steps configured, please use this as a jumping off point for troubleshooting issues you may be having.
Windows Server required Roles & Features:
This article assumes the following:
This procedure consists of the following three sections:
Authorize your Network Policy Server with your Active Directory
Radius Client Setup:
Connection Request Policies:
Click Network Polices
Please make sure the certificate you are using has a valid subject as in the following screen shot:
You can use your current certificate but we recommend creating a separate RAS and IAS certificate template if your Radius server is on the same machine as your Domain Controller. If you renew your Domain Controller cert it can stop authentication via Radius
The following links point to a few Microsoft KB articles describing how to deploy a CA and NPS Server Cert. You must follow the below links in order. Remember, this document outlines a fresh configuration. Please tailor this section according to how you have your certificates setup.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.