I have been testing "Custom Radius Rules" of SA device with the "FreeRadius" external authentication server.
But it seems this rule isn't triggered because free-radius response with only "Access-Accept" instead of "Access-Challenge".
I have found some hints on another web site, he says free-radius doesn't send Access-Challenge if the authentication type is "PAP"(My Sa device might use PAP).
To archive this goal, SA device sould send a request for an authentication protocol that requires multiple server-client exchanges (like EAP).
How I configure my SA device to request authentication with EAP?
or Some other solution which can help me to solve this problem would be O.K
The Radius client built into the SA (which talks to the backend Radius Servers) can only use PAP. CHAP is not supported as yet.
Have you looked at Steel Belted Radius to provide access-challenge based Radius auth services?