4. Enter the number of Maximum consecutive login attempts allowed before an administrator is
locked out.
5. In Lock period, enter the time (in seconds) that must pass before a locked out administrator
can attempt to log in again.
6. To enforce password complexity on administrators, click the checkbox and enter the number
of days for the password to expire.
7. Click Apply.
Note - This page is available from the Device and Users & Objects tabs.
Configuring a RADIUS Server for Non-Local Check Point Appliance Users:
Non-local users can be defined on a RADIUS server and not in the Check Point Appliance. When a
non-local user logs in to the Check Point Appliance, the RADIUS server authenticates the user and
assigns the applicable permissions. You must configure the RADIUS server to correctly
authenticate and authorize non-local users.
Note - If you define a RADIUS user with a null password (on the RADIUS server), the Check Point
Appliance cannot authenticate that user.
To configure a Steel-Belted RADIUS server for non-local Check Point Appliance
users:
1. Create the dictionary file checkpoint.dct on the RADIUS server, in the default dictionary
directory (that contains radius.dct). Add these lines to the file:
@radius.dct
MACRO CheckPoint-VSA(t,s) 26 [vid=2620 type1=%t% len1=+2 data=%s%]
ATTRIBUTE CP-Gaia-User-Role CheckPoint-VSA(229, string)
ATTRIBUTE CP-Gaia-SuperUser-Access CheckPoint-VSA(230, integer)
2. Add the following lines to the vendor.ini file on the RADIUS server (keep in alphabetical order
with the other vendor products in this file):
vendor-product = Check Point Check Point Appliance
dictionary = nokiaipso
ignore-ports = no
port-number-usage = per-port-type
help-id = 2000
3. Add to the dictiona.dcm file the line:
"@checkpoint.dct"
4. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user
configuration file:
CP-Gaia-User-Role = <group_name>
Where <group_name> is the name of the RADIUS group that is defined in the Check Point
Appliance WebUI.
Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70
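Added example (not from the Check Point guide or from Steel-Belted RADIUS): the CheckPoint-VSA macro in step 1 describes a standard RFC 2865 Vendor-Specific attribute, so this Python sketch encodes and decodes it, which helps confirm in a packet capture that the server returns the role you configured. The group name netadmins, the user name and the sample bytes are constructed, and the function names are hypothetical.

```python
import struct

VENDOR_SPECIFIC = 26   # "26" in the CheckPoint-VSA macro (RFC 2865 Vendor-Specific)
CHECKPOINT_VID = 2620  # "vid=2620" in the macro
# Sub-attribute numbers and syntaxes taken from the checkpoint.dct lines in step 1.
CP_ATTRS = {229: ("CP-Gaia-User-Role", "string"),
            230: ("CP-Gaia-SuperUser-Access", "integer")}

def encode_vsa(vendor_type, value):
    """Build one Vendor-Specific attribute carrying a Check Point sub-attribute."""
    syntax = CP_ATTRS[vendor_type][1]
    data = struct.pack("!I", value) if syntax == "integer" else value.encode("utf-8")
    sub = bytes([vendor_type, len(data) + 2]) + data   # "len1=+2": length covers its header
    body = struct.pack("!I", CHECKPOINT_VID) + sub
    if len(body) + 2 > 255:
        raise ValueError("value too long for one RADIUS attribute")
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def decode_checkpoint_vsas(attrs):
    """Walk a RADIUS attribute list; return {name: value} for Check Point VSAs."""
    found, i = {}, 0
    while i < len(attrs):
        if len(attrs) - i < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[i], attrs[i + 1]
        if a_len < 2 or i + a_len > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[i + 2:i + a_len]
        i += a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue   # not a VSA (for example User-Name)
        if struct.unpack("!I", body[:4])[0] != CHECKPOINT_VID:
            continue   # another vendor's VSA
        j = 4
        while j + 2 <= len(body):
            v_type, v_len = body[j], body[j + 1]
            if v_len < 2 or j + v_len > len(body):
                raise ValueError("bad sub-attribute length")
            data = body[j + 2:j + v_len]
            j += v_len
            if v_type not in CP_ATTRS:
                continue
            name, syntax = CP_ATTRS[v_type]
            if syntax == "integer" and len(data) != 4:
                raise ValueError("integer sub-attribute must be 4 bytes")
            found[name] = struct.unpack("!I", data)[0] if syntax == "integer" else data.decode("utf-8")
    return found

# Constructed sample: attribute section of a server reply (not a real capture).
SAMPLE = bytes([1, 7]) + b"alice" + encode_vsa(229, "netadmins") + encode_vsa(230, 1)
```

A decoded result without CP-Gaia-User-Role, or with a group name that is not defined in the appliance WebUI, points to a dictionary or user-file mistake on the RADIUS server.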