Hi there Check Point has a built-in RSA SecurID authentication agent. All it needs is the sdconf.rec file to point it to the right server. You just have to put it into the right directory.
You need to create the /var/ace directory yourself (also make sure the directory is writable, as the firewall needs to write the node secret files there the first time it establishes communication with the RSA server). Make sure that you create 2 separate sdconf.rec files (one for each module) and also make sure that the traffic between the cluster and the SecurID server does not get hidden behind the cluster IP address (that will cause the authentication to fail unless configured differently). Once you place the sdconf.rec files into the /var/ace directories, Check Point will automatically use the RSA server for authentication. Please note that this only works for FireWall-1 authentication (SecuRemote/Client, SNX, Client/Session/User Auth). For authentication to the OS itself, you will have to integrate it slightly differently. Matthew Odendaal -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Erick Fortin Sent: 03 May 2007 06:59 AM To: [email protected] Subject: [FW-1] RSA Autentication Manager + NGX Cluster Hi, I´m traying to install a RSA SecureID tokens on a checkpoint cluster environment, I was reading the documentation and I found that you have to make some configurations on the modules, it says that you have to place the file sdconf.rec on the /var/ace directory on splat, but I cant find if you have to create that folder or you need to install some software or agent in the splat modules. Does anybody know how to configure the modules. Your help will be appreciated Atte. Erick Fortin ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
