Does Rublon Authentication Proxy have to reside on the same network as the RADIUS/LDAP(S) server or can it be a cloud-based server with appropriate access?

Modified on Wed, 2 Oct at 7:25 AM

The Rublon Authentication Proxy does not have to reside on the same network as your RADIUS/LDAP(S) server, such as FreeRADIUS, Active Directory, or OpenLDAP. You can install the Auth Proxy on a cloud-based server, such as an AWS instance, outside of your organization's private network. However, there are important considerations to keep in mind regarding network configuration and security.


Important: The Rublon Authentication Proxy requires the following ports to be open for proper communication:

  • RADIUS: UDP port 1812

  • LDAP: TCP port 389

  • LDAPS: TCP port 636

  • core.rublon.net: TCP port 443


Ensure firewalls and network policies do not block these ports.


Deployment Options for Rublon Authentication Proxy

1. Both the RADIUS/LDAP(S) server and Auth Proxy are inside a private corporate network

The Rublon Authentication Proxy can be installed on the same machine as your VPN or RADIUS/LDAP(S) server, or on a different machine within the same private network. This setup keeps all authentication traffic within your secure network perimeter, reducing exposure to external threats.


2. One is inside a private corporate network and the other is on a cloud-based server

The Auth Proxy can also be installed on a cloud-based server located outside your organization's private network. In this scenario, you must properly configure network access to allow your on-premises RADIUS server to communicate with the Authentication Proxy over the internet. Make sure firewalls are not blocking any connections. This setup requires careful attention to security due to the transmission of sensitive authentication data over public networks. If you use RADIUS, we recommend that you avoid using PAP over the public internet. Instead, use more secure authentication protocols like EAP-MS-CHAPv2 (by setting proxy_requests to true in the Rublon Authentication Proxy config file) or implement VPN tunnels to secure the connection between the RADIUS/LDAP(S) server and the Rublon Auth Proxy.
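
Why the PAP recommendation above matters, as an added example that is not Rublon's code or part of the original article: RFC 2865 (section 5.2) hides a PAP password only by XORing it with MD5(shared secret + Request Authenticator), and the Request Authenticator travels in clear in the same packet. The shared secret, authenticator and password below are constructed sample values.

```python
import hashlib

BLOCK = 16  # MD5 output size; the password is hidden in 16-byte blocks


def pap_hide(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Client side: build the User-Password value (RFC 2865, section 5.2)."""
    if not 1 <= len(password) <= 128 or len(request_auth) != BLOCK:
        raise ValueError("need a 1-128 byte password and a 16-byte authenticator")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), BLOCK):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], pad))
        hidden += prev  # each block's output keys the next block's MD5
    return hidden


def pap_unhide(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: the same XOR, needing only the shared secret."""
    if not hidden or len(hidden) % BLOCK or len(request_auth) != BLOCK:
        raise ValueError("malformed User-Password or authenticator")
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), BLOCK):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + BLOCK]
        clear += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return clear.rstrip(b"\x00")


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    secret = b"constructed-shared-secret"
    request_auth = bytes(range(16))  # sent in clear in the Access-Request header
    wire = pap_hide(b"Example-Passw0rd", secret, request_auth)
    print("User-Password on the wire:", wire.hex())
    print("Recovered by the server:  ", pap_unhide(wire, secret, request_auth))
    # The only protection is the secrecy and strength of the shared secret.
```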


3. Both the RADIUS/LDAP(S) server and the Rublon Authentication Proxy are hosted on a cloud-based server

In this scenario, both the RADIUS/LDAP(S) server and the Rublon Authentication Proxy are hosted within a cloud-based Virtual Private Cloud (VPC), creating a secure, isolated network environment. Users connect to your cloud-hosted service or VPN, which communicates with the Auth Proxy within the VPC. The Auth Proxy then connects to the RADIUS/LDAP(S) server also hosted in the VPC, ensuring all authentication traffic remains within a secure cloud environment.


Helpful Links

Do I have to install the Auth Proxy on a separate machine or the server hosting the VPN?

How should I configure my firewall for Rublon?
