# Proxy Settings

Proxies are required when your authenticators (e.g., access points, switches) support only traditional RADIUS over UDP for AAA. The proxies handle protocol conversion from RADIUS to RadSec, enabling your equipment to communicate securely with the RADIUSaaS core servers, which support only RadSec (RADIUS over TCP) for AAA.

## Architecture

{% hint style="warning" %}
Your subscription includes at least two public IP addresses capable of communicating via RADIUS. We strongly recommend configuring these IP addresses as the primary and secondary RADIUS servers on your network devices and appliances. For optimal redundancy, the secondary IP should be located in a different geographic region from the primary.
{% endhint %}

### Performance

Each proxy can handle up to **1,500** **concurrent** connections flawlessly. 

This corresponds to a time-based performance of **10,000 authentications per minute per proxy**.

### Scaling 

To ensure smooth operation, consider the following number of proxies based on the number of users you have licensed (your needs may change if your offices are more globally distributed):

|       User       | Proxy Count |
| :--------------: | :---------: |
|    50 - 2,500    |      2      |
|  2,501 - 10,000  |      3      |
|  10,001 - 25,000 |      4      |
|  25,001 - 50,000 |      6      |
| 50,001 - 100,000 |      10     |

### Regions

You can deploy the proxy servers in the following regions:

| Continent     | Region                                            |
| ------------- | ------------------------------------------------- |
| Africa        | Johannesburg                                      |
| Asia          | <p>Bangalore<br>Singapore<br>TelAviv<br>Tokio</p> |
| Australia     | Sydney                                            |
| Europe        | <p>Frankfurt<br>London<br>Madrid<br>Stockholm</p> |
| North America | <p>Dallas<br>New York<br>Seattle<br>Toronto</p>   |
| South America | Santiago                                          |

### Load Balancing

If you have a setup with more than 1,000 users, we highly recommend ensuring, that your network equipment will send equal amounts of authentications to each proxy.

For network equipment, where you can define the priority of the RADIUS servers, you can ensure load-balancing by defining different priority orders for your different network equipment instances.

**Example:** You have 5 WiFi controllers and 3 RADIUS Proxies. You may then configure the following priority orders in your WiFi controllers:

<table><thead><tr><th width="196.5">WiFi Controller #</th><th>RADIUS Priority Order</th></tr></thead><tbody><tr><td>1 and 4</td><td>1, 2, 3</td></tr><tr><td>2 and 5</td><td>2, 3, 1</td></tr><tr><td>3</td><td>3, 1, 2</td></tr></tbody></table>

### Failover

When [multiple RadSec endpoints](https://docs.radiusaas.com/admin-portal/settings-server#failover-and-redundancy) are configured, RADIUSaaS provides an automatic failover mechanism for your RADIUS proxies.&#x20;

In the unlikely event that one or more RadSec endpoints fail, the available proxies will detect the failed state and redirect requests to the (geographically) closest active RadSec endpoint.&#x20;

{% hint style="info" %}
Please note that this failover does not apply if the RadSec protocol is being used by the Authenticators rather than RADIUS. In that case, failover is provided by the Authenticator as described [here](https://docs.radiusaas.com/admin-portal/settings/settings-server#failover-and-redundancy). &#x20;
{% endhint %}

### Properties

The IP address, ports and shared secret of the RADIUS Proxies will be displayed under [**Server Settings**](https://docs.radiusaas.com/admin-portal/settings/settings-server) **>** [**Ports and IP Addresses**](https://docs.radiusaas.com/admin-portal/settings-server#properties-1).

## Add&#x20;

To Add a new proxy, simply click **Add**, choose your **Region** and click **Create.**&#x20;

<figure><img src="https://1222554226-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSWU1DQ4UGkqER7uGNUOm%2Fuploads%2FdYYSzIgvS3UWx49CaBac%2FAddingProxy.gif?alt=media&#x26;token=882a1588-cef6-40e5-a4f1-acd3bfda1794" alt=""><figcaption><p>Showing how to create a proxy</p></figcaption></figure>

\
After the installation has finished, it can take up to 15 minutes until your proxy has established a connection to your RADIUS server.

<figure><img src="https://1222554226-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSWU1DQ4UGkqER7uGNUOm%2Fuploads%2FYEt9K2psQhtWbTnmZglz%2Fimage.png?alt=media&#x26;token=2718c72f-7dc9-4c47-93d7-0a4edf4c1f21" alt=""><figcaption><p>Showing proxy servers</p></figcaption></figure>

## Delete

To **Delete** a proxy, simply click **Delete** of corresponding table row and confirm your choice.&#x20;

<figure><img src="https://1222554226-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSWU1DQ4UGkqER7uGNUOm%2Fuploads%2FdG9S6y1JYJULGymRizAk%2Fimage.png?alt=media&#x26;token=a301871a-220a-4e75-8cfd-902880a9df75" alt="" width="417"><figcaption><p>Showing deletion of a proxy server</p></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.radiusaas.com/admin-portal/settings/settings-proxy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.