Create a Radius Logon Procedure
- Log in to the DualShield Administration Console
- In the main menu, select “Authentication | Logon Procedures”
- Click the “+ CREATE” button on the toolbar
- Enter a friendly “Name” and select “RADIUS” as the Type
- Click “SAVE” to create.
- Click the context "..." menu of the newly created Logon Procedure. Select “Logon Steps”
- In the popup window, click the “+ ADD” button on the toolbar to add Logon Step(s)
- Select “Static Password” (AD account) as the first Step. Add your preferred authenticator as the second Step. I chose "One-Time Password" for example.
- Click “Save”
Create a RADIUS application
- In the main menu, select “Authentication | Applications”
- Click the “+ CREATE” button on the toolbar
- Enter a friendly “Name”
- Select your internal AD “Realm”
- Select the Logon Procedure created in the previous Step
- Click “SAVE” to create.
- Click the context "..." menu of the newly created Application, then select “Agents”
- Select the integrated DualShield Radius Server Agent, e.g. "Agent-Radius"
- Click “SAVE” to confirm.
- Click the context "..." menu of the newly created Application, select “Self Test”
Register the CheckPoint Service Provider as a Radius Client
Navigate to “Radius | Radius Clients” in the DualShield Administration Console. Click the “+ CREATE” button on the toolbar and enter the values as follows:
- Name: Enter a unique name for this Radius Client
- Radius Server: Select the integrated DualShield Radius Server
- Application: Select the CheckPoint Application created previously
- IP Address: The IP address of the CheckPoint Security Gateway
- Shared Secret: Provide the shared secret phrase used to communicate between the Radius server and the Radius client
- Authentication Protocols: Select the communication protocols for the Radius server and Radius client
Finally click "SAVE" to complete.
Check Point only recognises RADIUS attributes from 1 to 63 defined within RFC 2138. Tick "Do not reply with Message Authenticator (Attribute 80)" so that DualShield Radius server will not return attribute 80.











