RADIUS Agent deployment and configuration
To implement transparent user identification via RADIUS Agent:
- Install RADIUS Agent on a server machine running one of the following supported operating systems:
- Windows Server 2008 R2, 2012, 2012 R2, or 2016
- Red Hat Enterprise Linux 6 or 7
RADIUS Agent needs to be installed on only one machine in the network. However, if your network is very large, you may benefit from installing RADIUS Agent on multiple machines. This allows ample space for files that are continually populated with user information, and the user identification process is faster.
- Configure Filtering Service to communicate with RADIUS Agent. (For information about securing communication between the agent and Filtering Service, see Configuring RADIUS Agent settings in
the Forcepoint Security Manager.)
In most cases, you need only one Filtering Service that communicates with every instance of RADIUS Agent in your network. If you have installed multiple Filtering Service instances for load-balancing purposes, each Filtering Service must be able to communicate with every RADIUS Agent.
- Configure the RADIUS client to communicate with RADIUS Agent instead of directly with the RADIUS server. The RADIUS client uses RADIUS Agent as the source of responses to authentication requests.
.jpg)
- Configure RADIUS Agent to forward authentication requests from client machines to the RADIUS server.
- Configure the RADIUS server to use RADIUS Agent as a proxy.Note: If you use Lucent RADIUS Server and RRAS, you must configure the RADIUS server to use Password Authentication Protocol (PAP), and the RRAS server to accept only PAP requests. For more information, see the related product documentation.
- Use the Web Security module of the Forcepoint Security Manager to add the directory clients you want to assign policies.