CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 7/14, 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Authentication
Reload this Page Session Auth - SecureID Backend
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-10-18
gparedes gparedes is offline
Junior Member
  
Join Date: 2006-10-18
Location: Washington DC area
Posts: 2
Rep Power: 0
gparedes has an average reputation (10+)
Send a message via AIM to gparedes Send a message via Yahoo to gparedes
Default Session Auth - SecureID Backend
Hello, I am trying to get this Checkpoint R55 to authenticate windows users when they try and traverse port 2948 with a GUI application. In otherwords, no Secureremote, no browser -Just straight internet traffic. Not sure if this can be done but I'm also trying to get the authentication request to forward to the SecureID server. Below is what my rule looks like, any help is appreciated.

Rule (4) which states -
SRC:"all users" -to- DST:Server1 -with- Service:2948 -do- Action:"Session Auth" .

Sub-options of Session Auth:

Default...
source - intersect with database
destination - intersect with database
contact agent at: SecureID_Server

Thanks again,

Gabriel
Reply With Quote
  #2 (permalink)  
Old 2006-10-19
dbedit dbedit is offline
Senior Member
  
Join Date: 2006-06-14
Location: The Netherlands
Posts: 153
Rep Power: 3
dbedit has an average reputation (10+)
Default Re: Session Auth - SecureID Backend
Looks good, make sure authentication is set to secureid on the gateway/users.Let us know your results!
Reply With Quote
  #3 (permalink)  
Old 2006-10-31
Yasushi Kono Yasushi Kono is offline
Senior Member
  
Join Date: 2006-10-03
Location: Offenbach/ Germany
Posts: 104
Rep Power: 2
Yasushi Kono has an average reputation (10+)
Default Re: Session Auth - SecureID Backend
Hi,

I am RSA certified an could help you in case of problems.
Check Point is "RSA SecurID Ready", i.e. it is not necessary to install any RSA Agent Software. What you have to do is just copying the sdconf.rec from the /ace/data directory to the /var/ace directory on the SPLAT Security Gateway (or Linux, Solaris, IPSO) or %systemroot%\system32 on Windows and create an Agent Host on the RSA side ("UNIX Agent" or "NetOS Agent" as far as you install your firewall on Windows).

You should create an External User Profile and put it into a Group. That's almost all! Day to day job. Works great!

My project at the moment is the LDAP integration of Novell eDirectory into RSA Authentication Manager and finally, to integrate this environment into Check Point SVN. Not really a challenge. But few years ago, I could not imagine to acquire the appropriate knowledge to accomplish this task!

Kind regards,
Yasushi
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 02:37.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0