Secure Transport for Modern Network Authentication
Foxpass Cloud RADIUS with RadSec protects authentication, authorization, and accounting data end-to-end — ensuring encrypted, verified, and reliable communication between your RADIUS clients and servers across any network.
Overview
Traditional RADIUS was built on UDP — fast but unencrypted and unreliable. RadSec (RADIUS over TLS) modernizes RADIUS by transmitting authentication traffic over TLS-encrypted TCP connections, protecting credentials and policies from interception or tampering.
With Foxpass, RadSec is built in — no manual configuration, no tunnels to maintain, and no additional infrastructure required. Every authentication exchange between your access points, VPNs, and Foxpass Cloud RADIUS is encrypted, validated, and verified for integrity.
How It Works
RadSec establishes a mutually authenticated TLS tunnel between your RADIUS client (such as a Wi-Fi controller or VPN gateway) and the Foxpass Cloud RADIUS service.
Each endpoint authenticates through a trusted identity, verified by X.509 certificate or IdP authentication, before any RADIUS data is exchanged.
All RADIUS messages — including EAP-TLS and EAP-TTLS authentication payloads — are transmitted securely within that TLS tunnel.
TCP ensures reliable, ordered packet delivery while TLS guarantees encryption and message integrity.
RadSec protects the transport layer, while EAP-TLS and EAP-TTLS secure the identity exchange inside RADIUS. Together, they deliver true end-to-end authentication security.
Key Benefits
End-to-End Encryption
Encrypts all RADIUS communication, ensuring authentication, authorization, and accounting data remain private and tamper-proof.
Mutual Authentication
Uses trusted identities (X.509 certificates or IdP validation) to authenticate both RADIUS clients and servers, preventing rogue or spoofed endpoints.
Secure Federated and Multi-Domain Access
Supports federated access frameworks like eduroam and OpenRoaming, as well as distributed enterprise Wi-Fi environments, where authentication crosses multiple networks or administrative domains.
Reliable and Scalable
TCP-based delivery eliminates dropped packets and simplifies scaling across sites, regions, and cloud environments.
Built Into Foxpass Cloud RADIUS
RadSec isn’t an add-on — it’s part of the Foxpass Cloud RADIUS architecture. TLS encryption and identity validation are handled automatically, reducing administrative overhead.
Zero-Trust and Compliance Ready
TLS-protected transport helps meet SOC 2, HIPAA, PCI DSS, and ISO 27001 requirements while supporting zero-trust network principles of continuous verification and least-privilege access.
Why Choose Foxpass for RadSec
Cloud-native implementation — no on-prem setup or maintenance.
TLS-encrypted — all RADIUS traffic secured automatically.
Identity- and certificate-based authentication (EAP-TLS / EAP-TTLS) for passwordless, identity-driven access.
MDM integration — works with Intune, Jamf, Kandji, Addigy, and others through MDM Integrations & Certificate Management.
Full visibility — detailed logging and audit trails for every authentication event.
Fast deployment — secure, TLS-protected RADIUS in minutes.
API-ready — automate configuration and monitoring using the Foxpass API.
Start Protecting Your RADIUS Traffic Today
Deploy enterprise-grade network security with Foxpass Cloud RADIUS and built-in RadSec encryption. Get started in minutes or schedule a personalized walkthrough.