Create a Radius Logon Procedure
- Log in to the DualShield Administration Console
- Navigate to “Authentication | Logon Procedures”
- Click the “+ CREATE” button on the toolbar
- Enter a friendly “Name” and select “RADIUS” as the Type
- Click “SAVE” to create.
- Click the context “...” menu on the newly created Logon Procedure and select “Logon Steps”
- In the pop-up window, click the “+ ADD” button on the toolbar to add Logon Steps.
- Select “Static Password” (AD account) as the first step. Add your preferred authenticator as the second step, for example “One-Time Password”.
Create a RADIUS application
- Navigate to “Authentication | Applications”
- Click the “+ Create” button on the toolbar
- Enter a friendly “Name”
- Select your internal AD “Realm”
- Select the Logon Procedure created in the previous Step.
- Click “SAVE” to create.
- Click the context "..." menu of the newly created Application, then select “Agents”
- Select the integrated DualShield Radius Server Agent.
- Click “SAVE” to confirm.
- Finally click the context "..." menu of the newly created Application, select “Self Test”
Register the Check Point as a Radius Client
Navigate to “Radius | Radius Clients” in the DualShield Administration Console. Click the “+ CREATE” button on the toolbar. Enter the details as follows:
- Name: Enter a name for this Radius Client
- Radius Server: Select the integrated DualShield Radius Server
- Application: Select the CheckPoint Application created previously
- IP Address: The IP address of the CheckPoint Security Gateway
- Shared Secret: Provide the shared secret phrase used for communication between the Radius Client and the Service Provider Radius configuration.
- Authentication Protocols: Select the communication protocols for the Radius server and Radius client
Finally click "SAVE" to complete.
Check Point only recognises RADIUS attributes from 1 to 63 defined within RFC 2138. Tick "Do not reply with Message Authenticator (Attribute 80)" so that DualShield Radius server will not return attribute 80.





