Here are the requirements:
- Users must be authenticated before accessing any resources (server1, server2)
- Authorization:
  + user1 is allowed to access server1, denied to server2
  + user2 is allowed to access server2, denied to server1
What I did

On Check Point:
1. Create the Radius Server.
2. Create the External User Profile (generic* user), Authentication Scheme: Radius.
3. Create the User Groups (rad_user1, rad_user2, ...), specifying only the name.
4. Edit objects5_0.C: change the attribute add_radius_groups(false) to add_radius_groups(true). CpStop / CpStart (the firewall is on SecurePlatform).
5. Create 2 authentication rules:
Rule 1:
SOURCE: rad_user1@any
DESTINATION: server1
SERVICE: any
ACTION: Client Auth
Rule 2:
SOURCE: rad_user2@any
DESTINATION: server2
SERVICE: any
ACTION: Client Auth
On the Radius server (Funk Radius), create 2 users:

username: user1
password: user1
class attribute: rad_user1

username: user2
password: user2
class attribute: rad_user2
But when users connect to http://firewallip:900 to authenticate and enter their usernames and passwords, CP displays these messages:

"Client Authentication Remote Service
FireWall-1 message: User tu1 authenticated by Radius authentication
No Client Authentication Rules Are Available End session"

These messages may mean that Check Point did not understand the two rules.
Can anyone help me? Thanks.
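The flow the post relies on is: the RADIUS server returns an Access-Accept carrying a Class attribute, the firewall treats that Class value as a group name, and a Client Auth rule matches only when the user's group appears in the rule's SOURCE. The following added example (not part of the post, and not Check Point or Funk Radius code) shows that chain in Python: it builds a constructed Access-Accept with a Class attribute, verifies the Response Authenticator against the shared secret, extracts the group list, and runs a simplified rule lookup. The shared secret, authenticator, user name and the rule-matching semantics are all assumptions made for illustration; Check Point's real matching engine is more involved. The example also shows the failure mode described in the post: when no group is learned from the reply (for instance when Class values are not mapped to groups), the lookup finds no rule for the destination.

```python
import hashlib
import hmac
import struct

# RADIUS packet constants (RFC 2865)
ACCESS_ACCEPT = 2
ATTR_USER_NAME = 1
ATTR_CLASS = 25  # Class attribute, used here as the group name carrier

# Constructed sample values; not from any real deployment
SHARED_SECRET = b"example-shared-secret"
REQUEST_AUTHENTICATOR = bytes(range(16))

# Simplified model of the two Client Auth rules from the post
RULES = [
    {"source_group": "rad_user1", "destination": "server1", "action": "Client Auth"},
    {"source_group": "rad_user2", "destination": "server2", "action": "Client Auth"},
]


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_accept(identifier: int, request_auth: bytes, secret: bytes, attrs) -> bytes:
    """Build an Access-Accept the way a RADIUS server would, including the Response Authenticator."""
    body = b"".join(encode_attr(t, v) for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(body))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body


def parse_attrs(packet: bytes):
    """Walk the attribute section (after the 20-byte header) and return (type, value) pairs."""
    attrs, pos = [], 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        attr_type, length = struct.unpack("!BB", packet[pos:pos + 2])
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute length")
        attrs.append((attr_type, packet[pos + 2:pos + length]))
        pos += length
    return attrs


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Check the Response Authenticator so a forged or tampered reply is not trusted."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def groups_from_accept(packet: bytes, request_auth: bytes, secret: bytes, map_class_to_groups: bool = True):
    """Return the group names learned from the reply's Class attributes.

    map_class_to_groups=False models a firewall that authenticates the user
    but ignores Class values, which leaves the user with no groups at all.
    """
    if not verify_response(packet, request_auth, secret):
        raise ValueError("Response Authenticator mismatch; reply rejected")
    if packet[0] != ACCESS_ACCEPT or not map_class_to_groups:
        return []
    return [v.decode("ascii") for t, v in parse_attrs(packet) if t == ATTR_CLASS]


def matching_rule(groups, destination: str):
    """First rule whose SOURCE group the user belongs to and whose DESTINATION matches."""
    for rule in RULES:
        if rule["source_group"] in groups and rule["destination"] == destination:
            return rule
    return None  # equivalent to "No Client Authentication Rules Are Available"


if __name__ == "__main__":
    reply = build_access_accept(7, REQUEST_AUTHENTICATOR, SHARED_SECRET,
                                [(ATTR_USER_NAME, b"user1"), (ATTR_CLASS, b"rad_user1")])
    groups = groups_from_accept(reply, REQUEST_AUTHENTICATOR, SHARED_SECRET)
    print("groups:", groups)
    print("user1 -> server1:", matching_rule(groups, "server1"))
    print("user1 -> server2:", matching_rule(groups, "server2"))
    print("no group mapping -> server1:",
          matching_rule(groups_from_accept(reply, REQUEST_AUTHENTICATOR, SHARED_SECRET, False), "server1"))
```

Running it shows user1 matching only Rule 1, and the same reply yielding no rule at all when Class values are not turned into groups, which is the symptom the post's step 4 is meant to address. The authenticator check is the part worth keeping in any real integration: an Access-Accept whose Response Authenticator does not verify against the shared secret must not grant access.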