| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| Hi all, currently I am authenticating using TACACS, which is located at a remote place, to my Check Point firewall R62 SecureClient users. If the TACACS server goes down, is there any way my SecureClient users can still log in using the local database on the firewall? Or how can I have two forms of authentication, i.e. if one remote server goes down I should be able to authenticate using another, present in my location? |
| |||
| Implement HA TACACS. You won't get failback such that if TACACS fails it will then use the local database. Alternatively, communicate with the TACACS via RADIUS and use a RADIUS Group to get High Availability. |
| |||
| On this same topic, can you configure SmartCentre to failover to an alternative TACACS server if the first fails? In reference to the original question, I have configured a shared local username and password for admins to use in the event of a TACACS failure. |
| |||
| It will rely on the TACACS server being a cluster or HA system; it is not like a RADIUS Group where you can have a group of servers. I believe that most TACACS server licenses allow you to have a Master/Backup implementation, i.e. it is similar to using SecurID, where you would rely on an HA implementation of the RSA servers to provide resiliency. Configuring a local admin is fine for admin purposes; however, it doesn't get the SecureClient users working. |