The RADIUS user identification process

Without RADIUS Agent, remote users are authenticated by a RADIUS client (RAS server, VPN server, or firewall) as follows:

Steps

  1. A user logs on to the network from a remote machine.
  2. The RADIUS client receives an authentication request for that user.
  3. The RADIUS client contacts the RADIUS server via the default RADIUS ports (1645 for authentication, and 1646 for accounting), and sends the user name and password to the RADIUS server.
  4. The RADIUS server validates the user name/password combination by checking it against the directory service, and then responds to the RADIUS client.

Next steps

With RADIUS Agent in place in your network, the user authentication process allows the agent to process and transmit remote authentication requests and provide user information to Filtering Service for use in policy enforcement and reporting.

Note that Forcepoint recommends installing RADIUS Agent on a machine separate from the RADIUS server machine. This prevents port and IP address conflicts between RADIUS Agent and the RADIUS server.