No Authentification required

[Chrys]

Greetings everybody,

I have a small problem trying to impliment user authentification on Telnet.

I'm using a Radius server to authenticate my users, with a generic external group. This works fine to authenticate users trying to use the dashboard or the secure client.

I created a rule
SRC DST VPN tr SERVICE ACTION
telnet_grp@any telnet_svr Any Telnet User Auth

When I telnet I get the following which makes me think that it's being intercepted by the FW.

Check Point FireWall-1 authenticated Telnet server running on lu3cdudfw
Connected to xxx.xxx.xxx.xxx

But it sent us directly in the server w/o asking for any CheckPoint authentification.

In the tracker I can see that the traffic is accepted.
But in the information line, it says No authentification required.

I've already installed the User DB on the firewall and created CheckPoint users to see if maybe it wasn't possible to use Radius, but it's all the same.

Any Idea ?

Regards
Chrys

[theoracle]

You need to change your rule action from "user auth" to "session auth".
I believe you want to be authenticated for each connected session.

[Chrys]

Hi,
I tried that, but I get a timeout.
In the tracker, I can see errors.

reason: Connection to Session Agent failed


Chrys

[theoracle]

The placement of the rule in the policy is important. Apparently, the rule works to some degree, as you are receiving the error: connection to session agent failed. Try moving your Telnet rule to the top of the policy as a test. This would confirm that other rules are not affecting this connection problem. I recall this authentication issue present on previous versions of FW-1 as well. I'll post again when I remember the actual fix.