Comment: Updated Images and Syntax

Create a Radius Logon Procedure

  1. Log in to the DualShield Administration Console
  2. In the main menu, select “Authentication | Logon Procedures”
  3. Click the “+ CREATE” button on the toolbar
  4. Enter a friendly “Name” and select “RADIUS” as the Type

  5. Click “SAVE” to create.
  6. Click the context "..." menu on the newly created Logon Procedure. Select “Logon Steps”
  7. In the popup window, click the "+ ADD" button on the toolbar to add Logon Steps.
  8. Select “Static Password” (AD account) as the first Step. Add your preferred authenticator as the Second step. I chose "One-Time Password" for example.
    Click “Save”

Create a RADIUS application

  1. Navigate to "Authentication | Applications”
  2. Click the “Create” “+ Create” button on the toolbar
  3. Enter a friendly “Name”
  4. Select your internal AD “Realm”
  5. Select the Logon Procedure created in the previous Step.


  6. Click “SAVE” to create.
  7. Click the context "..." menu of the newly created Application, then select “Agents”
  8. Select the integrated DualShield Radius Server Agent, e.g. "Agent-Radius".


  9. Click “SAVE” to confirm.
  10. Click the context "..." menu of the newly created Application, select “Self Test”

Register the Check Point as a Radius Client

Navigate to "Radius | Radius Clients” in the DualShield Administration console. Click the “+ CREATE" button on the toolbar. Enter the credentials as follows:

Name                        Enter a name for this Radius Client
Radius Server               Select integrated DualShield Radius Server
Application                 Select the CheckPoint Application created previously
IP Address                  The IP address of the CheckPoint Security Gateway
Shared Secret               Provide the shared secret phrase used to communicate between Radius Client and Service Provider Radius configuration.
Authentication Protocols    Select communication protocols for Radius server and Radius client

Finally click "SAVE" to complete.

Check Point only recognises RADIUS attributes from 1 to 63 defined within RFC 2138. Tick "Do not reply with Message Authenticator (Attribute 80)" so that DualShield Radius server will not return attribute 80.