
Radius Authentication over SD-WAN

I have RADIUS authentication working locally from the Sophos Firewall to the local RADIUS server for both VPN and WiFi authentication; however, I am unable to get the authentication working from the Sophos Firewall to another RADIUS server at a remote location over the SD-WAN link.

The SD-WAN link is working perfectly from any PC on the network, and they can reach the remote Sophos Firewall and anything on the remote network, and vice versa (including ping). If I try to ping from the local Sophos Firewall to the remote network (Diagnostics page, or advanced console) I get 0 replies.

I have checked the configuration and both routing System-generated traffic and reply packets over the SD-WAN are enabled.

Any ideas on why I am not getting system-generated traffic over the RED tunnel/SD-WAN?

Version: v20.2 Home - then updated to v21 GA home

Thanks in advance

Ian



Added TAGs
[edited by: Raphael Alganes at 12:21 PM (GMT -7) on 22 Oct 2024]
  • I would check where (which interface) the authentication packets leave the firewall.
    (packetcapture with filter host=Radiusserver and port=radiusport)

    Do you use IPsec RB-VPN for SD-WAN?

    Can you show us your sd-wan-routing definition?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • It's a RED VPN (Firewall to Firewall) that the SD-WAN is configured over.

    It's more fundamental than just the RADIUS server port; it's the system-generated traffic not being routed over the SD-WAN (as demonstrated above by adding static routing, which then directs the traffic).
