Integration Guide. Eduroam

Similar documents
SecureW2 and Wi-Fi Cloud. Integration Guide

Integration Guide. LoginTC

Integration Guide. SafeNet Authentication Service (SAS)

Integration Guide. SecureAuth

Configuring EAP for Wireless Network Connectivity By Victor Zapata

Integration Guide. Auvik

Integration Guide. NetIQ Sentinel Enterprise

Mitel Cloud VOIP. Integration Guide

The SSID to use and the credentials required to be used are listed below for each type of account: SSID TO CREDENTIALS TO BE USED:

WatchGuard Dimension v2.0 Update 2 Release Notes. Introducing New Dimension Command. Build Number Revision Date 13 August 2015

WatchGuard Dimension v2.1.1 Update 3 Release Notes

Integration Guide. AlienVault Unified Security Management (USM)

For my installation, I created a VMware virtual machine with 128 MB of ram and a.1 GB hard drive (102 MB).

Okta SAML Authentication with WatchGuard Access Portal. Integration Guide

Integration Guide. Oracle Bare Metal BOVPN

The SC receives a public IP address from the DHCP client of the ISP. All traffic is automatically sent out through the WAN interface.

How to connect your device using eduroam

Integration Guide. ManageEngine Network Configuration Manager

Auburn Montgomery AUM Wi-Fi. Windows 7. User s Guide & System Documentation

Integration Guide PRTG

Creating Wireless Networks

What s New in Fireware v WatchGuard Training

Microsoft NPS Configuration Guide

Zebra Setup Utility, Zebra Mobile Printer, Microsoft NPS, Cisco Controller, PEAP and WPA-PEAP

Connect to eduroam WiFi

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server

Internet access system through the Wireless Network of the University of Bologna (last update )

HCC Wireless Instructions for Windows 10 (long version)

Fireware. AP Deployment Guide. WatchGuard APs Gateway Wireless Controller Fireware OS v12.1

Configuring 802.1X Authentication Client for Windows 8

WEB ANALYTICS HOW-TO GUIDE

PePWave Mesh Connector User Manual

Revised: 22 November Integration Guide

802.1x Radius Setup Guide Working AirLive AP with Win X Radius Server

How to connect to Wi-Fi

The FSC receives a public IP address from the DHCP client of the ISP. All traffic is automatically sent out through the WAN interface.

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP. For VMware AirWatch

Secure ACS for Windows v3.2 With EAP TLS Machine Authentication

Cisco Meraki. Spectralink VIEW Certified Configuration Guide

WatchGuard Dimension v1.1 Update 1 Release Notes

Configure Wireless for Windows 7

Rethink Remote Access

Figure 5-25: Setup Wizard s Safe Surfing Screen

OneLogin SAML Authentication with WatchGuard Access Portal. Integration Guide

What s New in Fireware v12.3 WatchGuard Training

Cisco Secure ACS for Windows v3.2 With PEAP MS CHAPv2 Machine Authentication

Eduroam wireless network - Mac OSX 10.5 Leopard

Edith Cowan University Information Technology Services Centre

INFORMATION TECHNOLOGY

Certificate Management

Your wireless network

Owner of the content within this article is Written by Marc Grote

Firebox T50 and T50 Wireless

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP

Contents GUIDE TO INTEGRATION IMPLEMENTATION

ServiceNav integration with WatchGuard Solutions

Zebra Setup Utility, Zebra Mobile Printer, NPS, Symbol / Motorola Access point, PEAP and WPA-PEAP

Aerohive Private PSK. solution brief

Zebra Setup Utility, Zebra Mobile Printer, IAS, Symbol / Motorola Access point, PEAP and WPA-PEAP

WatchGuard Training Partnerships. WatchGuard Certified Training Partners WatchGuard Certified Trainers

Cloudpath and Aruba Instant Integration

Using the Terminal Services Gateway Lesson 10

New Windows build with WLAN access

Case Study Captive Portal with QR Code authenticator assisted

Configuring a VAP on the WAP351, WAP131, and WAP371

Configuring Wireless Security Settings on the RV130W

Threat Detection and Response. Deployment Guide

Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS)

Copyright

Workspace ONE UEM Certificate Authority Integration with JCCH. VMware Workspace ONE UEM 1810

A Division of Cisco Systems, Inc. GHz 2, g. Wireless-G. User Guide. Access Point WIRELESS WAP54G (EU/LA/UK) Model No.

Basic Wireless Settings on the CVR100W VPN Router

Step 5: Select Internet Protocol Version 4 (TCP/IPv4) then click Properties:

Windows Smart Card Logon Use Case

Configuration Example

Exam Questions SY0-401

Configuring the Client Adapter through Windows CE.NET

A Division of Cisco Systems, Inc. GHz g. Wireless-G. USB Network Adapter. User Guide WIRELESS WUSB54G. Model No.

Connecting to the NJITSecure wireless network.

Quick Install & Troubleshooting Guide. WAP223NC Cloud Managed Wireless N Access Point

Instructions for connecting to winthropsecure

Integration Guide. SafeNet Authentication Service. SAS using RADIUS Protocol with WatchGuard XTMv. SafeNet Authentication Service: Integration Guide

VOCOM II. WLAN Instructions. VOCOM II Tough

Eduroam Wireless Network Configuration (Mac OS X)

VMware AirWatch Integration with SecureAuth PKI Guide

Connecting Devices to the PSD-BYOD Network

VMware AirWatch Certificate Authentication for EAS with ADCS

How to connect to XBox Live ±via. BiPAC-72,73 Series? How To Connect Xbox 360 Game Consoles to the Router by Ethernet cable (RJ45)?

Application Example (Standalone EAP)

Release Notes for Avaya WLAN 9100 AOS-Lite Operating System WAP9112 Release WAP9114 Release 8.1.0

Install Certificate on the Cisco Secure ACS Appliance for PEAP Clients

Zebra Setup Utility, Zebra Mobile Printer, Microsoft NPS, Cisco Access Point, PEAP and WPA-PEAP

Step-by-step installation guide for monitoring untrusted servers using Operations Manager

Procedure: You can find the problem sheet on the Desktop of the lab PCs.

Internet access system through the Wireless Network of the University of Bologna

TDR and Microsoft Security Essentials. Integration Guide

Fireware v Update 1 Release Notes

Configuring Funk Odyssey Software, Avaya AP-3 Access Point, and Avaya

ClearPass QuickConnect 2.0

simplifying... Wireless Access

Transcription:

Integration Guide Eduroam Revised: 16 August 2017

About This Guide Guide Type Documented Integration WatchGuard or a Technology Partner has provided documentation demonstrating integration Guide Details WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product. Eduroam Integration Guide 2

Eduroam Integration Overview Eduroam is a cloud-based RADIUS proxy solution used by education institutions to provide a single SSID that can be deployed across many different institutions. Eduroam enables students to move between different campus locations and authenticate with the security of RADIUS and the same SSID. Programs and Software Firebox with Fireware v11.10 or greater installed Windows Server 2012 with ADDS, ADCS, and NPS services Eduroam Global Wi-Fi Roaming for Academia For assistance with setup of Windows Server 2012 NPS services, see these references in the MSDN Library: Windows Server NPS Certificate Windows NAP Radius Clients Windows NAP Remote Radius Eduroam Integration Guide 3

Access Point Configuration in WatchGuard Gateway Wireless Controller Configure RADIUS Single Sign-On 1. Log in to Fireware Web UI for your Firebox at https://<ip address of your Firebox>:8080. 2. Select Authentication > Servers. 3. In the Server section, select RADIUS. 4. In the Primary Server Settings section, select the Enable RADIUS Server check box. 5. In the IP Address text box, type the IP address of your RADIUS server. 6. In the Port text box, type the port number to connect to your RADIUS server. The default port number for a RADIUS server is 1821. If you have an older RADIUS server, 1645 might be the port number. Eduroam Integration Guide 4

7. In the Passphrase and Confirm text boxes, type the shared secret (passphrase) for your RADIUS server. Eduroam Integration Guide 5

Configure the Gateway Wireless Controller With the RADIUS Settings 1. Select Network > Gateway Wireless Controller. 2. If it is not already selected, select the Enable Gateway Wireless Controller check box. 3. Select the SSIDs tab and add Eduroam. 4. Select the Security tab and add the appropriate settings for your RADIUS Server. 5. For the Security Mode, select WPA Enterprise. Eduroam Integration Guide 6

Create a Static NAT Policy to Allow Communication to Eduroam Servers 1. Select Firewall > SNAT. 2. Click Add. 3. Type a name for your SNAT policy and add a description. 4. In the SNAT Members section, click Add. 5. Specify the correct information to connect to the Eduroam server in your environment. 6. Click OK. 7. Select Firewall > Firewall Policies 8. Click Add Policy. 9. Select Packet Filter. 10. From the Packet Filter drop-down list, select a RADIUS policy. 11. In the Alias Select Member section To list of, type Static NAT. 12. Select the SNAT policy you created. 13. Click Save. Eduroam Integration Guide 7

Configure AP Devices Managed by WatchGuard Cloud Wi-Fi Configure SSID Template 1. Log in to WatchGuard Wi-Fi Cloud at https://login.watchguard.cloudwifi.com. 2. From the Wi-Fi Cloud interface, select Manage. 3. Select the Configurations tab. 4. Select Device Configuration > SSID Profile. 5. To configure a full profile, select Add New Wi-Fi Profile. 6. In the Profile Name text box, type a profile name. For example, type WatchGuard_Eduroam. 7. In the SSID text box, type eduroam. 8. Expand Security. 9. From the Security Mode drop-down list, select WPA and WPA2 Mixed Mode. 10. Select 802.1X. 11. In the Primary Authentication Server section, type the server IP address, port number, and shared secret. Eduroam Integration Guide 8

12. Configure any additional items as required for your environment. 13. Click Save. Configure Device Templates 1. From the Locations tab, select the Configurations tab. 2. Select Device Configuration > Device Templates. 3. Select Add Device Template. 4. In the Template Name text box, type a name for your template. 5. In the Description text box, type a description or add notes about the template. 6. Select Radio Settings > Define settings for model. 7. Select Add SSID Profile. Eduroam Integration Guide 9

8. Select the SSID profile you created. 9. Click OK. 10. Click Save. Apply the Template to Your AP Devices 1. Select Monitoring > Managed Devices. 2. Select AP Device. 3. Click. 4. From the list of templates, select a device template. 5. Click Save. Eduroam Integration Guide 10

Set Up Windows Server 2012 r2 with NPS Generate A Certificate to Distribute to Users On your Windows server: 1. Open MMC. 2. Select File > Add/Remove Snap-in. 3. In the Available snap-ins section, double-click Certificates. 4. Select Computer account. 5. Click Next. 6. Select Local computer. 7. Click Finish. 8. Select Certificates > Certificates (Local Computer). 9. Select Personal. 10. Select Action > All Tasks > Request New Certificate. 11. Click Next. 12. Select the DomainController certificate template. 13. Click Details. Click Properties. 14. Type the Friendly name for the certificate and add a description. 15. Click Apply 16. Click Enroll. 17. Send the certificate to your end-users in an email or configure your Active Directory server to push the certificate to your clients. Eduroam Integration Guide 11

Configure NPS Radius Clients On your Network Policy Server (NPS): 1. Right-click Radius Clients and select New. 2. Create RADIUS clients for your internal users who authenticate with RADIUS. 3. Create RADIUS clients for Eduroam RADIUS servers. 4. Add a shared secret and an IP address for each RADIUS client you created. Configure Remote RADIUS Servers 1. Right-click Remote RADIUS Server Groups and select New. 2. Create a group name for each Eduroam RADIUS server. Eduroam Integration Guide 12

Create Connection Request Policies 1. Right-click Connection Request Policies and select New. 2. Configure your CRP policies for external and internal to authenticate against own realms and external to forward requests. Eduroam Integration Guide 13

Create Network Policies 1. Right-click Network Policies and select New. 2. Create network policies to define who is authorized to connect to your network. Eduroam Integration Guide 14

Configure RADIUS Server and Shared Secret with Eduroam To configure your RADIUS server: 1. Log in to Eduroam Administration at https://eduroam.us/admin-login. 2. Select the RADIUS Configuration tool. 3. Add a Friendly name for your RADIUS servers. 4. In the Host section, add the external IP address that will send authentication requests to Eduroam servers. This could be the Firebox (with SNAT policy) that forwards the RADIUS requests to your NPS server or the AP device if it has an external address. The Operator-Name is your.edu domain. 5. To test your authentication settings: a. Create test accounts on the Eduroam website. b. Connect to one of the test users (you must also add this user to your Active Directory list of Eduroam users) to your Eduroam SSID. c. From the Eduroam Administration Log Viewer, you review the log messages. Eduroam Integration Guide 15

Eduroam Integration Guide 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback