Create a Radius Logon Procedure
- Login to the DualShield management console
- In the main menu, select “Authentication | Logon Procedure”
- Click the “Create” button on the toolbar
- Enter “Name” and select “RADIUS” as the Type
- Click “Save”
- Click the Context Menu icon of the newly create logon procedure, select “Logon Steps”
- In the popup windows, click the “Create” button on the toolbar
- Select the “Static Password” as the first step, and add your preferable authenticator as your second step. I chose One-Time Password as example.
- Click “Save”
Create a RADIUS application
- In the main menu, select “Authentication | Applications”
- Click the “Create” button on the toolbar
- Enter “Name”
- Select “Realm”
- Select the logon procedure that was just created
- Click “Save”
- Click the context menu of the newly created application, select “Agent”
- Select the DualShield Radius server, e.g. "Agent-Radius"
- Click “Save”
- Click the context menu of the newly created application, select “Self Test”
Register the Check Point as a Radius Client
Select “RADIUS | Clients” in DualShield management console. Click the “Register” button on the toolbar and provide the following value:
Name Unique name for Radius Client
Radius Server Select DualShield Radius Server
Application Select CheckPoint Applicaion
IP Address IP address of your Check Point Security Gateway
Shared Secret Provide secret phase used to communicate between Radius server and Radius client
Authentication Protocols Select communication protocols for Radius server and Radius client
Check Point only recognises RADIUS attributes from 1 to 63 defined within RFC 2138. Tick "Do not reply with Message Authenticator (Attribute 80)" so that DualShield Radius server will not return attribute 80.