RADIUS Health Check status on the ProxySG appliance is "Unknown" even though RADIUS test configuration works
Article ID: 168980
Products
ProxySG Software - SGOS
Issue/Introduction
Authentication realm health checks on the ProxySG appliance are created on a per-realm basis, not a per-server basis. They report the status of the last authentication attempt performed in that realm. When the status of a RADIUS realm is unknown, the proxy is not aware of the last time that users were authenticated using this RADIUS realm. The same behavior applies to other authentication realm health checks.
Cause
The authentication health check status is mainly based on the result of the last authentication attempt made by a user against a particular realm. If a realm is defined but not referenced within policy, no users will authenticate against the realm and thus the health check is unaware of the authentication status (status unknown).
The test configuration does not update the health check value because it only checks credential validity with the RADIUS server; it does not exercise the authentication policy itself. If the ProxySG appliance was able to successfully complete authentication using either the primary or the secondary authentication server configured for the realm, the realm is reported as healthy.
Resolution
Install a web authentication rule in ProxySG policy to authenticate users via RADIUS. After a user successfully authenticates, the health check status changes to healthy ("OK").