Traffic Shaping rules not apply to RADIUS auth traffic?
I have an MX with two WANs from different ISPs. WAN1 is primary.
I authenticate my SSID via RADIUS from a RADIUS-as-a-Service on the internet. This is working.
I configured Client VPN with RADIUS authentication and it's working.
My RADIUS-as-a-Service has an option for MFA (TOTP). I want to turn on MFA for Client VPN connections but not wireless connections. I can specify different RADIUS server IPs in the SSID settings and the Client VPN settings. Got that.
My RaaS has multiple public static IPs and recognizes by Source IP. So I would like to RADIUS traffic from SSID auth requests to go out WAN1, and RADIUS traffic for Client VPN auth requests to go out WAN2. That way my RADIUS service knows to only ask for MFA from requests coming from WAN2's IP.
I made the Traffic Shaping rules in Flow Preferences accordingly. But it looks like RADIUS traffic does not obey these rules. Does anyone know if RADIUS traffic are supposed to obey traffic shaping rules?
I can tell that all RADIUS traffic looks like it's coming from WAN1. This is because the shared key I use for WAN1 works for both wireless and Client VPN. When I use the shared key meant for WAN2, it doesn't work.
Yeh sorry @KevinH, Philip is probably correct here. You can likely influence the SSID RADIUS traffic as that's traversing the MX, but for Client VPN it would originate from the MX and not be subject to the flow preferences. I misunderstood that part. Sorry for the confusion.