Hi there, sometimes it's not clear which IP the RSA agent uses to connect to the RSA server. If you need to fix this, you have to create a file named sdopts.rec in the /var/ace directory and put a line CLIENT_IP=x.x.x.x in it. This will force the RSA authentication agent to use this Source-IP.
Regards
Torsten Gödicke

> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Matthew Odendaal
> Sent: Thursday, May 03, 2007 8:52 AM
> To: [email protected]
> Subject: Re: [FW-1] RSA Autentication Manager + NGX Cluster
>
> Hi there
>
> Check Point has a built-in RSA SecurID authentication agent.
> All it needs is the sdconf.rec file to point it to the right
> server. You just have to put it into the right directory.
>
> You need to create the /var/ace directory yourself (also make
> sure the directory is writable, as the firewall needs to
> write the node secret files there the first time it
> establishes communication with the RSA server). Make sure
> that you create 2 separate sdconf.rec files (one for each
> module) and also make sure that the traffic between the
> cluster and the SecurID server does not get hidden behind the
> cluster IP address (that will cause the authentication to
> fail unless configured differently).
>
> Once you place the sdconf.rec files into the /var/ace
> directories, Check Point will automatically use the RSA
> server for authentication. Please note that this only works
> for FireWall-1 authentication (SecuRemote/Client, SNX,
> Client/Session/User Auth). For authentication to the OS
> itself, you will have to integrate it slightly differently.
>
> Matthew Odendaal
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Erick Fortin
> Sent: 03 May 2007 06:59 AM
> To: [email protected]
> Subject: [FW-1] RSA Autentication Manager + NGX Cluster
>
> Hi,
>
> I'm trying to install RSA SecurID tokens on a Check Point cluster
> environment. I was reading the documentation and I found that
> you have to make some configurations on the modules. It says that
> you have to place the file sdconf.rec in the /var/ace directory on
> splat, but I can't find whether you have to create that folder or
> need to install some software or agent on the splat modules.
> Does anybody know how to configure the modules?
>
> Your help will be appreciated
>
> Sincerely,
>
> Erick Fortin
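Added example (not part of the original thread, and not Check Point or RSA code): a shell script that walks through the steps from both messages for one cluster member, creating a writable /var/ace, pinning the agent source address in sdopts.rec, and checking that sdconf.rec is in place. The function names and the ACE_DIR override are hypothetical, and refusing a CLIENT_IP equal to the cluster address assumes the RSA server has each member registered under its own address.

```shell
#!/bin/sh
# Added example. ACE_DIR (hypothetical override) defaults to /var/ace,
# the directory named in the thread; point it elsewhere to rehearse.

valid_ipv4() {
    # Accept only a dotted quad with every octet in 0-255.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

write_sdopts() {
    # $1 = this member's own IP, $2 = cluster (virtual) IP
    member_ip=$1; cluster_ip=$2; dir=${ACE_DIR:-/var/ace}
    valid_ipv4 "$member_ip" || { echo "bad member IP: $member_ip" >&2; return 2; }
    # Assumption: the RSA server knows each member by its own address, so
    # pinning the agent to the cluster IP is treated as a misconfiguration.
    [ "$member_ip" != "$cluster_ip" ] || { echo "CLIENT_IP equals cluster IP" >&2; return 3; }
    mkdir -p "$dir" || return 4
    # Must be writable: the node secret is written here on first contact.
    [ -w "$dir" ] || { echo "$dir is not writable" >&2; return 4; }
    printf 'CLIENT_IP=%s\n' "$member_ip" > "$dir/sdopts.rec"
}

check_ace_dir() {
    # Prints one status line; returns 0 only when this member is ready.
    dir=${ACE_DIR:-/var/ace}
    [ -d "$dir" ] && [ -w "$dir" ] || { echo "missing or read-only: $dir"; return 1; }
    [ -s "$dir/sdconf.rec" ] || { echo "sdconf.rec not in place"; return 1; }
    if [ -f "$dir/sdopts.rec" ]; then
        ip=$(sed -n 's/^CLIENT_IP=//p' "$dir/sdopts.rec")
        valid_ipv4 "$ip" || { echo "sdopts.rec has no valid CLIENT_IP"; return 1; }
        echo "ready, agent source IP pinned to $ip"
    else
        echo "ready, agent source IP not pinned"
    fi
}
# On each member: write_sdopts <member-ip> <cluster-ip> && check_ace_dir
```

Run it separately on each module, since each one needs its own sdconf.rec and its own CLIENT_IP.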
