- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
I would not do radius_retrant_timout for 15 seconds if you have Radius_connect_timeout as 40 with the amount of servers and server attempts you have set.
I would do this.
This would give each server 3 attempts of communication, each 5 seconds apart.
meaning server 1 would get 15 seconds of attempt time, before moving on to the 2nd server.
2nd server would get its 3 attempts over another 15 seconds.
Totaling 30 seconds out of the 40 seconds that is permitted (radius_connect_timeout).
so you would see a tcpdump as this if both servers are failing
in seconds
00s source >>> destination_server1
05s source >>> destination_server1
10s source >>> destination_server1
15s source >>> destination_server2
20s source >>> destination_server2
25s source >>> destination_server2
note that 5 seconds per server may need adjusting based on your environment needs and you have to adjust as needed
Follow this train of thought:
Number of Radius servers + (1+radius_retrant_num) + radius_retrant_timeout = radius_connect_timeout +10 extra seconds
Example
2 servers + (1+2) + 5 = X +10 extra seconds
2 + (3) + 5 = X +10 extra seconds
X = 30 + 10 extra seconds
radius_connect_timeout = 40
*note: (radius_retrant_num)
you can set this to zero, and the gateway will still attempt once,
(radius_retrant_num) is more a value for Re-attempts so its 1 + # of retries
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY