Appliance Configuration
Check Point 1400 Appliances Centrally Managed Administration Guide R77.20.85 | 86
Configuring a RADIUS Server for non-local Check Point Appliance users:
Non-local users can be defined on a RADIUS server and not in the Check Point Appliance. When a
non-local user logs in to the appliance, the RADIUS server authenticates the user and assigns the
applicable permissions. You must configure the RADIUS server to correctly authenticate and
authorize non-local users.
Note - The configuration of the RADIUS Servers may change according to the type of operating
system on which the RADIUS Server is installed.
Note - If you define a RADIUS user with a null password (on the RADIUS server), the appliance
cannot authenticate that user.
To configure a Steel-Belted RADIUS server for non-local appliance users:
1. Create the dictionary file checkpoint.dct on the RADIUS server, in the default dictionary
directory (the one that contains radius.dct). Add these lines to the file:
@radius.dct
MACRO CheckPoint-VSA(t,s) 26 [vid=2620 type1=%t% len1=+2 data=%s%]
ATTRIBUTE CP-Gaia-User-Role CheckPoint-VSA(229, string) r
ATTRIBUTE CP-Gaia-SuperUser-Access CheckPoint-VSA(230, integer) r
2. Add the following lines to the vendor.ini file on the RADIUS server (keep them in alphabetical
order with the other vendor products in this file):
vendor-product = Check Point Appliance
dictionary = nokiaipso
ignore-ports = no
port-number-usage = per-port-type
3. Add this line to the dictiona.dcm file:
@checkpoint.dct
4. Add this Check Point Vendor-Specific Attribute to users in your RADIUS server user
configuration file:
CP-Gaia-User-Role = <role>
Where the allowed values of <role> are:
Role                 Value
Super Admin          adminRole
Read only            monitorrole
Networking Admin     networkingrole
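As an added illustration (not part of the guide), the following shows how the MACRO line in checkpoint.dct lays the Check Point Vendor-Specific Attribute out on the wire: an encoder that only accepts the role values from the table, and a decoder that can be run over a captured RADIUS attribute list to confirm what a server actually returns for a user. The 1/0 meaning for CP-Gaia-SuperUser-Access is an assumption; the guide does not list that attribute's values.

```python
import struct

# From the page's checkpoint.dct: vendor id 2620, sub-attribute 229 (string role)
# and 230 (integer superuser flag). Roles are the three values the page lists.
RADIUS_ATTR_VSA = 26
CHECKPOINT_VENDOR_ID = 2620
CP_GAIA_USER_ROLE = 229
CP_GAIA_SUPERUSER_ACCESS = 230
ALLOWED_ROLES = {"Super Admin": "adminRole", "Read only": "monitorrole",
                 "Networking Admin": "networkingrole"}

def encode_vsa(vendor_type: int, data: bytes) -> bytes:
    """RFC 2865 attribute 26: vendor-id, then [type1, len1=len(data)+2, data] as in the MACRO."""
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    body = struct.pack("!I", CHECKPOINT_VENDOR_ID) + sub
    return struct.pack("!BB", RADIUS_ATTR_VSA, len(body) + 2) + body

def encode_user_role(role_value: str) -> bytes:
    """Refuse to emit a role the appliance does not know (catches typos in the user file)."""
    if role_value not in ALLOWED_ROLES.values():
        raise ValueError(f"unknown CP-Gaia-User-Role value: {role_value!r}")
    return encode_vsa(CP_GAIA_USER_ROLE, role_value.encode("ascii"))

def encode_superuser_access(enabled: bool) -> bytes:
    # Assumption: 1/0 for the integer; the page does not list this attribute's values.
    return encode_vsa(CP_GAIA_SUPERUSER_ACCESS, struct.pack("!I", 1 if enabled else 0))

def decode_checkpoint_vsas(attrs: bytes) -> dict:
    """Walk a RADIUS attribute list; return Check Point sub-attributes, skip others, raise on bad lengths."""
    found, i = {}, 0
    while i < len(attrs):
        if len(attrs) - i < 2 or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        atype, alen = attrs[i], attrs[i + 1]
        if atype == RADIUS_ATTR_VSA and alen >= 8 \
                and struct.unpack("!I", attrs[i + 2:i + 6])[0] == CHECKPOINT_VENDOR_ID:
            j, end = i + 6, i + alen
            while j < end:
                if end - j < 2 or attrs[j + 1] < 2 or j + attrs[j + 1] > end:
                    raise ValueError("malformed vendor sub-attribute")
                vtype, vlen = attrs[j], attrs[j + 1]
                data = attrs[j + 2:j + vlen]
                if vtype == CP_GAIA_USER_ROLE:
                    found["CP-Gaia-User-Role"] = data.decode("ascii")
                elif vtype == CP_GAIA_SUPERUSER_ACCESS:
                    found["CP-Gaia-SuperUser-Access"] = struct.unpack("!I", data)[0]
                j += vlen
        i += alen
    return found
```

Feeding the decoder the attribute bytes of an Access-Accept captured from the RADIUS server is a quick way to verify that the dictionary and user file edits produce the role you intended.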