There are a couple of how-tos from SonicWall on how to set up RADIUS authentication, but none that cover how to set up RADIUS authentication for multiple groups correctly. The following how-to covers setting up RADIUS on Windows 2008 and SonicWall.
You will need to install (if not already done) the Network Policy Service and create several Active Directory groups that map to the required levels of access. In my case we created three groups:
VPN Admins - Full access on the VPN and able to administer the SonicWall
VPN Full Access - Full access on the VPN
VPN Restricted Access - Limited to Email and SharePoint servers
2.) Create a new Network Policy. Network access server type is Unspecified.
3.) Add a new condition - Windows Group. Start with the group VPN Full Access.
4.) Add a second condition - Firewall's IP address
5.) Configure Authentication Method. Select MS-CHAP-v2 and MS-CHAP. If you want users to be able to change their password from the VPN client, select the option to change password.
Repeat steps 2 through 6 for each group being added to the firewall.