Create Network Range and Modify Policy
To limit RADIUS authentication to clients in a specific network, we have to create a network range and modify the default policy to use RADIUS for that range. We will be logging in from a Windows 10 Desktop from the Instant Clone pool, so we will use that desktop's network range to log in with RADIUS authentication.
Manage Policies
- Click Manage on the right side next to Setup
- Click Policies
- Click Network Ranges
Add Network Range
Click Add Network Range
Define the Network Range
- Enter RADIUS Test as 'Name' for the network range
- Enter RADIUS Test as 'Description' for the network range (optional)
- Enter 192.168.100.1 as 'From'
- Enter 192.168.100.255 as 'To'
- Click Save
This adds the addresses 192.168.100.1 through 192.168.100.255 to the RADIUS Test network range, which includes our test VM.
Verify the new network range has been added
- Verify RADIUS Test IP Address Range was created
- Close the Network Ranges Window
Change default access policy
Click default_access_policy_set
Edit the default Policy
Click Edit
Ignore Warning
- Click the X to ignore the warning about modifying the default policy
- Click Next
Add Policy Rule
Click Add Policy Rule
We will add a policy rule to use RADIUS for our newly created test network range.
Configure Policy Rule
- Select RADIUS Test from dropdown menu for "If a user's network range is"
- Select Web Browser from dropdown menu for "and user accessing content from"
- Select RADIUS from dropdown menu for "then the user may authenticate using"
- Select Password from dropdown menu for "If the preceding method fails or is not applicable, then"
- Scroll Down
Advanced Properties
- Click on Advanced Properties
Besides setting the time after which a user has to re-authenticate, you can configure a Custom Error Message, Custom Error Link Text and a Custom Error Link URL, where you could guide the user to a how-to document or further information on how to resolve any issues with authentication.
Please take a minute to look at all the different authentication method options, which allow you to set up different authentication methods for different devices/access methods and locations (based on network range). You can also combine multiple authentication methods if you need more than 2-factor authentication.
- Click Save
Change Policy Rule Order
- Hover the mouse cursor over RADIUS Test until the cursor changes, then click on RADIUS Test and keep the button pushed
- Drag the rule all the way to the top
- Release the RADIUS Test Policy Rule
Verify Rule Order
- Verify RADIUS Test is listed as the first rule
- Click Next
Policy Summary
- Verify Policy Rule
- Click Save
You have set up a new policy rule to use RADIUS authentication for the IP range specified. Next we will test connecting from a desktop in that IP range and confirm that we are prompted for our RADIUS password instead of our AD password.
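Why the rule is dragged to the top, as an added example that is not part of the original guide: it models the rule built above and assumes rules are evaluated top to bottom with the first match applied. The catch-all rule and the client addresses are constructed for illustration, and only IPv4 clients are handled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    range_name: str
    first: str                # 'From' address, inclusive
    last: str                 # 'To' address, inclusive
    device: str               # "and user accessing content from"
    method: str               # "then the user may authenticate using"
    fallback: Optional[str]   # "If the preceding method fails or is not applicable, then"

    def matches(self, client_ip: str, device: str) -> bool:
        ip = ipaddress.ip_address(client_ip)
        low, high = ipaddress.ip_address(self.first), ipaddress.ip_address(self.last)
        return low <= ip <= high and device == self.device

def select_rule(rules, client_ip, device):
    """Return the first matching rule, top to bottom (assumed evaluation order)."""
    for rule in rules:
        if rule.matches(client_ip, device):
            return rule
    return None

# The rule configured in this section.
RADIUS_RULE = Rule("RADIUS Test", "192.168.100.1", "192.168.100.255",
                   "Web Browser", "RADIUS", "Password")
# Constructed stand-in for a pre-existing catch-all rule; not taken from the guide.
CATCH_ALL = Rule("catch-all (hypothetical)", "0.0.0.0", "255.255.255.255",
                 "Web Browser", "Password", None)

RADIUS_FIRST = [RADIUS_RULE, CATCH_ALL]   # order after dragging the rule to the top
RADIUS_LAST = [CATCH_ALL, RADIUS_RULE]    # order if the new rule is left at the bottom

def method_for(rules, client_ip, device="Web Browser"):
    """Primary authentication method a client would be offered, or None if no rule matches."""
    rule = select_rule(rules, client_ip, device)
    return rule.method if rule else None

if __name__ == "__main__":
    # Constructed client addresses: inside the range, just below it, and in another subnet.
    for ip in ("192.168.100.57", "192.168.100.0", "192.168.101.5"):
        print(ip, "| rule on top:", method_for(RADIUS_FIRST, ip),
              "| rule at bottom:", method_for(RADIUS_LAST, ip))
```

With the rule left below a broader rule, the test VM would never be prompted for RADIUS; also note that 192.168.100.0 falls outside the 'From'/'To' range as entered.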