SOLVED

VPN Integration

Copper Contributor

Will VPN providers not listed in the Integrate VPN page (https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step6-vpn) still work if sending RADIUS Accounting information to a sensor? We are not using one of the listed vendors that are supported and I wanted to see if it would even be worth it to get this set up.

Also, can a standalone sensor be used only to receive RADIUS Accounting data and not be used for monitoring any domain controller traffic? I believe it can be a hard sell to convince all stakeholders that a good usage of a Domain Controller's resources would be to receive RADIUS Accounting traffic. Or that adding a Domain Controller would be a good idea for this.

3 Replies

@archedmeerkat It should work if you can make the data arrive in a format that looks like one of the supported formats.

And no, having a standalone gateway just for RADIUS is not supported.

The memory impact of those events, CPU/memory-wise, is mostly unnoticeable.

@Eli Ofek

Can a sample (or a few) be provided for the correct format for events from RADIUS?

Is there any specific data on the impact being negligible when using a Domain Controller as a syslog receiver of RADIUS events? I can let others know that there will likely be little impact, but it will still be a tough sell to get other teams' and management's buy-in for this type of functionality. It would be helpful to have some data to back this up.

Outside of Health Alerts in the AATP console, would there be any impact to having a standalone gateway up, with no traffic going to it?

best response confirmed by archedmeerkat (Copper Contributor)
Solution

@archedmeerkat 
Following this RFC should be a good start:

https://tools.ietf.org/html/rfc2866

It might just work this way; the supported list is a list we tested and confirmed worked.

I don't have any official data about a measured impact, just that it never came up as an issue with any customer...

As for setting a standalone Gateway and "live" with health warning... you might be able to trick it to work if you let it think it monitors a specific DC while it doesn't really see its traffic or events.

It will produce health alerts, but although not supported at all, it might "work", but I never tested it.
