timeouts through a firewall?

Alan DeKok aland at deployingradius.com
Thu Apr 5 21:02:46 CEST 2007


Matt Ashfield wrote:
> Our radius server talks to our LDAP server through a firewall.

  Don't do that.  It's wrong.  It breaks the network, as you're discovering.

> I'm wondering
> if this has to do with the session lifetime setting on the firewall?

  Yes.

> If
> there are no authentications taking place (we're in testing mode, and it was
> at least 2-3 hours between client authentications), then I guess this
> connection/session could be timed out by the firewall?

  Yes.

> I just want to know if that makes sense before approaching the firewall guys
> and asking to increase the timeout.

  Don't.  Put the RADIUS server on the same segment as the LDAP server.
 If the security people don't like that, explain that the other choice
is to have the connection to LDAP go down... and then no one can use the
wireless network.

  Why anyone thinks it's a good idea to put a firewall between two
servers that need a reliable connection is beyond me.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog


