A firewall provides additional security and protection to the services that are running on any operating system. The firewall might be a Windows NT–based or Windows 2000–based computer with the Proxy Server, or a third-party firewall package. The firewall can run on the same computer as the IAS server.
One option is to use the Proxy Server to hide the IP address of the server. In this way, the proxy IP address is exposed as the IAS address. You can also use a third-party firewall and enable the UDP traffic for the IAS server only for those ports used by the RADIUS server. For more security, allow traffic to come in only from specific IP Addresses, of NAS or RADIUS proxy, to the RADIUS server.