Create Network Range and Modify Policy

To limit RADIUS authentication to clients in a specific network, we have to create a networks range and modify the default policy to use RADIUS for this specific range we create. We will be logging in from a Windows 10 Desktop in the Instant Clone pool so will use that network range to use to login with RADIUS authentication.

Manage Policies

  1. Click Manage on the right side next to Setup
  2. Click Policies
  3. Click Network Ranges

Add Network Range

Click Add Network Range

Define the Network Range

  1. Enter RADIUS Test as 'Name' for the network range
  2. Provide a description RADIUS Test (optional)
  3. Enter 192.168.100.1 as 'From'
  4. Enter 192.168.100.255 as 'To'
  5. Click Save

This will add all the 192.168.100.xxx IP addresses to the RADIUS Test network range and will include our test VM.

Verify the new network range has been added

  1. Verify RADIUS Test IP Address Range was created
  2. Close the Network Ranges Window

Change default access policy

Click default_access_policy_set

Edit the default Policy

Click Edit

Ignore Warning

  1. Click the X to ignore the warning about modifying the default policy
  2. Click the Next

Add Policy Rule

Click Add Policy Rule

We will add a policy to use RADIUS for our newly created network range test

Configure Policy Rule

  1. Select RADIUS Test from dropdown menu for "If a user's network range is"
  2. Select Web Browser from dropdown menu for "and user accessing content from"
  3. Select RADIUS from dropdown menu for "then the user may authenticate using"
  4. Select Password from dropdown menu for "If the preceding method fails or is not applicable, then"
  5. Scroll Down

Advanced Properties

  1. Click on Advanced Properties

Besides setting the time after which a user has to re-authenticate, you can configure a Custom Error Message, Custom Error Link Text and a Custom Error Link URL, where you could guide the user to a how-to document or further information on how to resolve any issues with authentication.

Please take a minute to look at all the different and authentication method options, allowing you to setup different authentication methods for different devices/access methods and locations (based on network range). You can also combine multiple authentication methods if you need more than 2-factor authentication.

  1. Click Save

Change Policy Rule Order

  1. Hover the mouse cursor over Radius Test until the cursor changes, then click on Radius Test and keep the button pushed
  2. Drag the rule all the way to the top
  3. Release the Radius Test Policy Rule

Verify Rule Order

  1. Verify Radius Test is listed as the first rule
  2. Click Next

Policy Summary

  1. Verify Policy Rule
  2. Click Save

You have set up a new policy rule to use RADIUS authentication with the IP range specified. Next we will test connecting from a desktop in that IP range and see we are prompted for our RADIUS password instead of our AD password.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.