Kingsley, 1. Assume that your RSA server is located in the internal network (behind the FW):
1) add the FW as a agent host by using FW's external IP (cluster IP) 2) the agent host must be resolvable through DNS or add it to the host file on the RSA server 2. On CP FW Mgmt server: 2) vi $FWDIR/lib/implied_rules.def 3) remove the line with "#define ENABLE_RADIUS_SERVER" 4) restart CP 3. On CP Enforce module: 1) create a RSA server object 2) create a RADIUS object (UDP RADIUS; ver2.0 compatible) under Servers and OPSEC Application Good luck, Zheng -----Original Message----- From: Kingsley Chu [mailto:[EMAIL PROTECTED] Sent: Thursday, April 29, 2004 3:09 AM To: [EMAIL PROTECTED] Subject: [FW-1] NOKIA Ip clustering (AI R55) with RSA SecureID ACE Server Hi, We have a RSA SecureID annd Checkpoint NGAI R55 on Nokia box (ip clustering). Anyone know how setup the ACE with NOKIA IP clustering ? kingsley ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
