Re: [FW-1] Nokia Cluster Authentication

Sat, 14 Jan 2006 07:23:26 -0800 

hi,

make a manual nat rule:

firewall-nodes -> acs-server -> = -> =
means: no NAT (and no hide behind cluster address) between nokia-nodes and AC-server. 

cheers
reinhard

At 15:29 14.01.2006, you wrote:


Hi Ladies and Gentlemen.

We are running a Nokia cluster consisting of 2 devices running Checkpoint
NGX.
We wish to have Administrators who log in to the Nokias to access IPSO
either via the serial port, Voyager or telnet/ssh to be authenticated against a 
Cisco ACS server.
Administrators can currently log into 1 box and get authenticated, but not
the second.

If I go into Checkpoint and remove the Topology from the cluster, or  disable
the Hide behind Cluster address feature, authentication works fine,  however
I do not wish to do either of these as I do not know what affect it will have 
on other functions.

Is any running this configuration?

Regards

Mick.


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================


--
Reinhard Stich  ASSIST  [EMAIL PROTECTED]
Internet Security AG,      1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to