Infinity CHECK POINT 1100 Administration Manual page 96

Appliances centrally managed

Configuring a RADIUS Server for Non-Local Check Point Appliance Users:
Non-local users can be defined on a RADIUS server and not in the Check Point Appliance. When a
non-local user logs in to the Check Point Appliance, the RADIUS server authenticates the user and
assigns the applicable permissions. You must configure the RADIUS server to correctly
authenticate and authorize non-local users.
Note - If you define a RADIUS user with a null password (on the RADIUS server), the Check Point
Appliance cannot authenticate that user.
To configure a Steel-Belted RADIUS server for non-local Check Point Appliance
users:
1. Create the dictionary file checkpoint.dct on the RADIUS server, in the default dictionary
directory (that contains radius.dct). Add these lines to the file:
@radius.dct
MACRO CheckPoint-VSA(t,s) 26 [vid=2620 type1=%t% len1=+2 data=%s%]
ATTRIBUTE CP-Gaia-User-Role CheckPoint-VSA(229, string) r
ATTRIBUTE CP-Gaia-SuperUser-Access CheckPoint-VSA(230, integer) r
2. Add the following lines to the vendor.ini file on the RADIUS server (keep in alphabetical order
with the other vendor products in this file):
vendor-product = Check Point Check Point Appliance
dictionary = nokiaipso
ignore-ports = no
port-number-usage = per-port-type
help-id = 2000
3. Add to the dictiona.dcm file the line:
"@checkpoint.dct"
4. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user
configuration file:
CP-Gaia-User-Role = <group_name>
Where <group_name> is the name of the RADIUS group that is defined in the Check Point
Appliance WebUI.
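The MACRO line in step 1 describes how the two Check Point attributes travel on the wire: RADIUS attribute 26 (Vendor-Specific), vendor ID 2620, a one-byte vendor type, and a one-byte length that counts the data plus two. The Python sketch below is an added example, not part of the Check Point guide; it decodes that layout from the attribute bytes of a RADIUS reply so the role a server returns can be checked against a packet capture. The function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26     # RADIUS attribute 26, Vendor-Specific (RFC 2865)
CHECKPOINT_VID = 2620    # vid=2620 in the MACRO line
# Vendor types and value types as given in the dictionary entries on this page.
CP_ATTRS = {229: ("CP-Gaia-User-Role", "string"),
            230: ("CP-Gaia-SuperUser-Access", "integer")}

def encode_cp_vsa(vendor_type, value):
    """Build one attribute 26 that carries a single Check Point sub-attribute."""
    kind = CP_ATTRS[vendor_type][1]
    data = value.encode() if kind == "string" else struct.pack("!I", value)
    sub = bytes([vendor_type, len(data) + 2]) + data   # len1=+2: type + len + data
    body = struct.pack("!I", CHECKPOINT_VID) + sub
    if len(body) + 2 > 255:
        raise ValueError("value too long for one RADIUS attribute")
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def parse_cp_vsas(attrs):
    """Return {name: value} for the Check Point VSAs in a RADIUS attribute block."""
    found, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        atype, body = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue
        if struct.unpack("!I", body[:4])[0] != CHECKPOINT_VID:
            continue                                   # another vendor's VSA
        j = 4
        while j + 2 <= len(body):
            vtype, vlen = body[j], body[j + 1]
            if vlen < 2 or j + vlen > len(body):
                raise ValueError("malformed Check Point sub-attribute")
            data, j = body[j + 2:j + vlen], j + vlen
            if vtype not in CP_ATTRS:
                continue
            name, kind = CP_ATTRS[vtype]
            if kind == "integer" and len(data) != 4:
                raise ValueError("%s must be a 4-byte integer" % name)
            found[name] = data.decode() if kind == "string" else struct.unpack("!I", data)[0]
    return found

# Constructed sample: User-Name "alice" followed by the two Check Point VSAs.
# "adminRole" and the value 1 are made-up values for illustration.
SAMPLE = b"\x01\x07alice" + encode_cp_vsa(229, "adminRole") + encode_cp_vsa(230, 1)

if __name__ == "__main__":
    print(parse_cp_vsas(SAMPLE))
```

A reply that authenticates the user but carries no CP-Gaia-User-Role yields an empty dictionary, which makes a missing role assignment on the RADIUS server easy to spot.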
To configure a FreeRADIUS server for non-local Check Point Appliance users:
1. Create the dictionary file dictionary.checkpoint in /etc/freeradius/ on the RADIUS
server:
#
# Check Point dictionary file for freeradius AAA server
#
VENDOR CheckPoint 2620
ATTRIBUTE CP-Gaia-User-Role 229 string CheckPoint
ATTRIBUTE CP-Gaia-SuperUser-Access 230 integer CheckPoint
2. Add to /etc/freeradius/dictionary the line:
"$INCLUDE dictionary.checkpoint"

Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70 | Appliance Configuration | 96
