Palo Alto RADIUS Accounting Configuration Steps
Introduction
This document explains the steps required to test RADIUS Accounting events forwarded to Palo Alto firewall.
Prerequisites
To forward RADIUS events to Palo Alto firewall port forwarding should be configured on the ISP router.
- Port following should be configured on the ISP router.
Configuring the ISP Router
To configurate port forwarding in the ISP router, follow the given steps.
- Create a NAT – Virtual Server Configuration in the ISP router as follows: Attributes -
- External IP Address – SecureW2 NAT IP
- External Start Port – User desired
- External End Port – User desired
- Protocol – TCP
- Server IP Address – LAN IP of the PaloAlto firewall which is connected to the ISP router
- Source Port - 80
Configuring the Palo Alto Firewall
The Palo Alto firewall helps SSL encrypted traffic and applications Perform the following configurations to receive RADIUS accounting events.
- Navigate to Network > Network Profiles > Interface Management > Management.
- Add the CENT NAT IP as shown in the following image.
Configuring the Management Portal
- Login to the JoinNow Management Portal.
- Go to External Connections > Configuration.
- Click the Add External Connection button.
- In the Name field, enter a name for the connection.
- In the Display Description field, enter a suitable description for the connection.
- From the Type drop down list, select Palo Alto.
- Click Save. The page reloads and the Configuration tab is displayed.
- Select the Configuration tab:
- In the Firewall URL field, enter the server URL.
- In the Username and Password fields, enter the credentials.
- Click the Validate button to verify the credentials and the connection.
- Click Update.
Here is a sample of RADIUS Accounting events for Login and Logout sent to the Palo Alto Firewall for the above configurations.
