Hi Andrew,

In the sixth step, in /var/ace/sdopts.rec, must CLIENT_IP=x.x.x.x be the
cluster IP address or the module IP address?

Thanks a lot.





-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On behalf of Andrew W
Barkley
Sent: Thursday, May 03, 2007 05:38 a.m.
To: [email protected]
Subject: Re: [FW-1] SV: [FW-1] RSA Autentication Manager + NGX Cluster

Hi Erick et al ...


Configure as follows:

NOTE: Create NAT rule to NOT nat cluster gateways > SecurID server

1) Create Agent Host for each gateway (SecurID administration)
Agent Type = Unix Agent i.e. Unix/Linux etc ...
Agent Type = Communication Server i.e. Cisco/Nokia etc ...

2) Modify user auth = SecurID
3) Add each gateway to SecurID server /etc/hosts
4) Ensure SecurID ports open between gateways & SecurID server
5) Create /var/ace (root)(rw) on each gateway, generate sdconf.rec, copy to /var/ace/
6) Create /var/ace/sdopts.rec, enter CLIENT_IP="your gateway source IP" (routable to SecurID server)
7) Restart each gateway (cpstop && cpstart)
8) Tail SecurID logs whilst logging into gateways (SecurID) for any errors etc


Cheers

Andrew
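
A pre-restart check for the files from steps 5 and 6, as an added example that is not part of Andrew's message or of any vendor tooling. It assumes the bare `CLIENT_IP=x.x.x.x` line form used in the question, the function names are hypothetical, and it only checks that the files are in place and the value is a well-formed IPv4 address; it does not decide which address to use.

```shell
#!/bin/sh
# Added example: sanity-check /var/ace before restarting the gateway (step 7).
# Assumption: sdopts.rec carries one bare line of the form CLIENT_IP=x.x.x.x.

# Print the value of the first CLIENT_IP line in the given sdopts.rec.
client_ip() {
    sed -n 's/^CLIENT_IP=//p' "$1" | head -n 1
}

# Return 0 only for a dotted quad with four octets in the range 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Check the directory and both files; print each problem, return non-zero on any.
check_ace() {
    dir=${1:-/var/ace}
    rc=0
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    [ -s "$dir/sdconf.rec" ] || { echo "missing or empty: $dir/sdconf.rec"; rc=1; }
    [ -f "$dir/sdopts.rec" ] || { echo "missing: $dir/sdopts.rec"; return 1; }
    # grep -c exits non-zero on a count of 0, so neutralise that for set -e callers.
    n=$(grep -c '^CLIENT_IP=' "$dir/sdopts.rec" || true)
    [ "$n" -eq 1 ] || { echo "expected one CLIENT_IP line, found $n"; return 1; }
    ip=$(client_ip "$dir/sdopts.rec")
    # A quoted value or a trailing carriage return is reported here as well.
    valid_ipv4 "$ip" || { echo "CLIENT_IP is not a plain IPv4 address: $ip"; rc=1; }
    return $rc
}

# Usage: sh check_ace.sh check [directory]
if [ "${1:-}" = "check" ]; then
    check_ace "${2:-/var/ace}"
fi
```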


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
