I'd have to go with you on this one.  Like I said, I haven't tested it
personally... it's one of those things that seems to have been raised and
the answer was.... yeah Check Point knows it's an issue >=)

With that said, SecurID has several "issues" with the current
implementation.

Didn't mean to mislead you guys, it's just one of the new features of NGX
and token-based authentication to applications that's going to take some
time to figure out exactly how things work.

Speaking of which, I should put this on my rack and see exactly how things
behave.

Jason


On 3/2/06, Rajeev Gupta <[EMAIL PROTECTED]> wrote:
>
> You can definitely create multiple admins on CLM without a problem -
> however, as far as I know there is no way available to configure
> SecurID authentication or even otherwise. In a Provider-1 environment,
> MSPs have been facing issues related to CLM admin account management
> for quite some time; for example, you cannot manage these independent
> CLMs' admin accounts via MDG, and in a large deployment this has caused
> consternation if not outright frustration among administrators.
> Perhaps you can submit an RFE and take it up with the Check Point account
> team to follow up.
>
> my 2c,
>
> hth,
>
> Rajeev
>
>
> On 3/2/06, cisco4ng <[EMAIL PROTECTED]> wrote:
> > Chkp tech,
> >
> >   I usually agree with you 99% of the time; however, I have to disagree
> >   with you on this issue.
> >
> >   I've a live NGx R60A (standalone log server) and I can create multiple
> >   read/write and read accounts on this standalone log server.  The
> >   command to do that is "fwm -a xxx" where xxx is the username that I
> >   want to create.  During the "fwm -a xxx" process, I can assign
> >   read/write or read permission for the xxx user account.  After creating
> >   the account, I can log into SmartView Tracker with the xxx user account.
> >   If I want to delete the xxx user account, I can use "cpconfig" to delete
> >   that account.  To say that there can be ONLY 1 administrator account
> >   created at the command line is NOT accurate.  Having said that, I am
> >   not sure if Checkpoint supports having more than 1 Administrator.
> >
> >   However, going back to my original question, I honestly think it is
> >   possible to authenticate users logging into the standalone log server
> >   via SmartView Tracker with RSA SecurID because the standalone log
> >   server is an independent entity from everything else so that there is
> >   NO SmartDashboard to create Administrator accounts and assign SecurID
> >   authentication credentials.
> >
> >   Thank you everyone for the replies.
> >
> >   cisco4ng
> >
> >
> > chkp tech <[EMAIL PROTECTED]> wrote:
> >   From what I understand, the standalone implementation of a CLM
> > (standalone log server) can only have one login for that server. I
> > haven't personally tested this, but I have heard issues regarding this
> > and it makes sense. Here's what I've heard.... Since a CLM is managed by
> > local users as opposed to authenticating to an MLM, it can only have one
> > administrator account (created at the command line). Then since you can
> > only login to the machine read-only with the GUI, it isn't possible to
> > create another admin/user. From what I understand, this will be resolved
> > in R61, but who knows if that's the case. Again, I've never tried this
> > in person so I can't say for 100% certain. YMMV.
> >
> > Jason
> >
> > On 3/1/06, cisco4ng wrote:
> > >
> > > Hello gurus,
> > >
> > > > I am helping out a friend. His Checkpoint contract expired two days
> > > > ago and the contract renewal is waiting for renewal by bean counters
> > > > and it could take up to three weeks to get this done.
> > >
> > > Can someone in this group help me with this problem?
> > >
> > > > I have an NGx R60A CLM (aka standalone log server) running on SPLAT.
> > > > I can receive logs from the SPLAT Enforcement Module just fine. I can
> > > > log into this CLM Server with SmartView Tracker with the user account
> > > > "admin" when I run "cpconfig" and also with the account when I run the
> > > > command "fwm -a cisco4ng". Both of those accounts work fine.
> > > >
> > > > Now I would like to authenticate users when they use SmartView
> > > > Tracker to log into the CLM via RSA SecurID. I know how to do this
> > > > with Checkpoint Provider-1. In a Provider-1 environment, I just have
> > > > to put the sdconf.rec into the /var/ace directory, create an account and
> > > > specify SecurID as a method of authentication. After that, I run
> > > > "mdsstop;mdsstart" and I can authenticate users with SecurID when they
> > > > log into the MDG.
> > > >
> > > > However, with the CLM, I can create the /var/ace directory on the CLM
> > > > box, place the sdconf.rec in the /var/ace directory, run "cprestart".
> > > > But how can I create the user to authenticate with SecurID
> > > > authentication?
> > > > Remember this is a standalone CLM, therefore, there is no SmartDashboard
> > > > interface for me to create user(s).
> > > >
> > > > I really do not know what to do. It seems like every time I open a
> > > > TAC case with Checkpoint regarding SecurID, the Checkpoint TAC
> > > > knowledge about Checkpoint and SecurID integration is just as bad
> > > > as mine.
> > > >
> > > > Has anyone successfully done this before with standalone CLM and
> > > > RSA SecurID authentication?
> > >
> > > TIA
> > > cisco4ng
> > >
> > >
> > >
> > > ---------------------------------
> > > Yahoo! Mail
> > > Use Photomail to share photos without annoying attachments.
> > >
> > > =================================================
> > > To set vacation, Out-Of-Office, or away messages,
> > > send an email to [EMAIL PROTECTED]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [EMAIL PROTECTED]
> > > =================================================
> > >