Configuring RADIUS Attributes

Linked Diagram Template

To configure a timeout for Secure HotSpot sessions

Set the Session-Timeout Attribute (attribute 27) to the number of seconds after which users should be automatically logged out from the hotspot.

To assign permissions to specific RADIUS-authenticated users

Create a remote access policy as follows:
1. Assign the policy’s VSA (attribute 26) the SofaWare vendor code (6983).
2. For each permission you want to grant, configure the relevant attribute of the VSA with the desired value, as described in the following table.
For example, to assign the user VPN access permissions, set attribute number 2 to “true”.
Assign the policy to the desired user or user group.

For detailed instructions and examples, refer to the "Configuring the RADIUS Vendor-Specific Attribute" white paper.

VSA Syntax

Permission	Description	Attribute Number	Attribute Format	Attribute Values	Notes
Admin	Indicates the administrator’s level of access to the Safe@Office Portal	1	String	none. The user cannot access the Safe@Office Portal. readonly. The user can log in to the Safe@Office Portal, but cannot modify system settings. users-manager. The user can log in to the Safe@Office Portal and add, edit, or delete "No Access"-level users. However, the user cannot modify other system settings. readwrite. The user can log in to the Safe@Office Portal and modify system settings.
VPN	Indicates whether the user can access the network from a Remote Access VPN Client.	2	String	true. The user can remotely access the network via VPN. false. The user cannot remotely access the network via VPN.	This permission is only relevant if the Safe@Office Remote Access VPN Server is enabled. The gateway must have a certificate.
Hotspot	Indicates whether the user can log in via the My HotSpot page.	3	String	true. The user can access the Internet via My HotSpot. false. The user cannot access the Internet via My HotSpot.	This permission is only relevant if the Secure HotSpot feature is enabled.
UFP	Indicates whether the user can override Web Filtering.	4	String	true. The user can override Web Filtering. false. The user cannot override Web Filtering.	This permission is only relevant if the Web Filtering service is enabled.
RemoteDesktop	Indicates whether the user can remotely access computers' desktops, using the Remote Desktop feature.	5	String	true. The user can log in to the my.firewall portal, view the Active Computers page, and remotely access computers' desktops (irrespective of their level of administrative access). false. The user cannot remotely access computers' desktops.	This permission is only relevant if the Remote Desktop feature is enabled.