Today with the rapid adoption of wireless networks by enterprises and Internet access available everywhere, corporate IT have the ability to increase productivity by expanding access to the corporate network. To provide this expanded access, it is crucial to have centralized authentication to maintain a highly secure and manageable infrastructure. Celestix RADIUS appliance performs centralized connection authentication, authorization, and accounting for many types of network access including wireless, authenticating switch, and virtual private network (VPN) connections. The Celestix appliance is suitable for small, medium and large organizations.

Product Highlights

Function-focused system hardened appliance for RADIUS delivery
Seamless integration with Microsoft Active Directory
LCD display for easy network configuration and status display
One button system recovery to factory default
Equipped with Microsoft IAS (Internet Authentication Service)
Wizard based deployment in less than 15 minutes
User-level reporting
High availability support (through fail-over and load balancing)
Web GUI for management, deployment, reporting, alerting and monitoring
Application layer filtering for enhanced security
Support for two-factor authentication
Supports variety of authorization methods include DNIS, ANI/CLI, Guest authorization.
Supports variety of authentication methods include CHAP, MS-CHAP, MS-CHAP v2, MD5 and EAP-TLS.



Screen shots

The Celestix RADIUS appliance is a versatile appliance that can be used for one or more purposes within the enterprise. It can be used for the following scenarios:

Wireless Security
Wi-Fi Protected Access (WPA) is the new LAN security standard for 802.11 networks that replaces Wired Equivalent Privacy (WEP). WPA addresses the security and privacy concerns of WEP. A key component of WPA is 802.1X, an IEEE standard. To implement 802.1X security, a RADIUS based authentication server is required in the network. The
Celestix RADIUS appliance can perform this function in the network.

Remote Access VPN
When more than one remote access VPN appliance is used to provide remote access service, it becomes difficult to manage policies across these appliances. The Celestix RADIUS appliance enables enforcing consistent remote access policies across all
remote access VPN devices. It also allows generation of aggregate reports across all remote access VPN devices in the network.

Wired Network Security
The Celestix RADIUS can be used in conjunction with 802.1X enabled LAN switches to prevents unauthorized network access from anywhere in your building where a LAN port is available because 802.1X grants port access based on user authentication.

Firewall and Proxy Access
Enterprises can use the Celestix RADIUS appliance to enforce role-based network access security on their firewall and web proxy devices. Web proxies can also be configured to work in concert with the Celestix RADIUS appliance to enable employees authenticated access to the Internet from the Corporate LAN.

Benefits of Using the Celestix RADIUS Appliance

Secure RADIUS deployment
Because RADIUS is an authentication protocol that grants access to critical resources on the network, it is vital that it be deployed securely. Since errors in deployment can be catastrophic, Celestix RADIUS appliance provides a controlled, error-free deployment wizard. Also, the appliance is system hardened to reduce the attack surface,
i.e. no unnecessary open ports or services are enabled.

Multivendor Interoperability
Celestix RADIUS appliance conforms to RADIUS, an Internet Engineering Task Force (IETF) standard and wide variety of authentication protocols. This allows it to integrate with all standards-compliant clients and gateways, which include routers, Ethernet switches, wireless access points, firewall/VPN devices and SAN switches. The Celestix appliance can also authenticate users against many types of user credential repositories such Microsoft Active Directory, and RSA Authentication Manager (ACE/Server).

Simple Management Web Interface
The web-based GUI is delivered directly from the appliance itself, and can be accessed from any Microsoft Windows client running Internet Explorer. The Quick Setup process walks the user through the steps required to configure the appliance for deployment. The appliance also eases day-to-day maintenance by allowing tasks like software updates, viewing log files, system shutdowns/restarts, etc. to be accomplished entirely through the Web GUI.

Monitoring, Reporting and Alerting
The Celestix RADIUS appliance logs all network access and authentication activity, providing information for security audit trail and network diagnostics. You can monitor the activity of the appliance in real-time via the “heartbeat” monitor for information such as rate of failed or discarded requests. The appliance can also be configured to generate alerts that notify/page by email, run a script/application, or log the event when certain anomalies are detected.

Low cost of Ownership
Unlike other RADIUS solutions, the Celestix RADIUS appliance is a true appliance that does not require system or database administration thereby reducing complexity and total cost of ownership. The appliance is built on top of a high performance streamlined hardware that minimizes failures and maintenance. The management software that includes real-time and historical reporting, monitoring, and alerting is
also part of the product .

Celestix RADIUS Network Diagram Overview



Switches, Firewalls/Proxies, RAS gateways and wireless access points can all use the Celestix RADIUS appliance to enhance enterprise network security