What is the procedure in creating a generic* user in NG fp2? -Devon
-----Original Message----- From: Lars Troen [mailto:Lars.Troen@;PROXYCOM.NO] Sent: Thursday, October 31, 2002 4:28 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] SecureRemote NG + Radius Devon, Enter properties of your firewall object, go to Remote Access / Office Mode Method, and here you can choose DHCP. Lars > -----Original Message----- > From: Devon Harding - GTHLA [mailto:DHarding@;GILATLA.COM] > Sent: Wednesday, October 30, 2002 15:54 > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] SecureRemote NG + Radius > > > Where is the DHCP option for Office Mode in NG FP2? In > 'Global Properties' > under Remote Access/VPN, all I see is a checkbox for Office Mode. > > -Devon > > -----Original Message----- > From: Lars Troen [mailto:Lars.Troen@;PROXYCOM.NO] > Sent: Monday, October 28, 2002 2:50 AM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] SecureRemote NG + Radius > > 1. This is solved using a generic* user (p216 of the Management Guide) > 2. This can be done using Office mode for SecureClient. But > remember that > this ip-address can't be inside the encryption domain. you need a > SecureClient license in order to use Office Mode. > > Lars > > -----Original Message----- > > From: Devon Harding - GTHLA [mailto:DHarding@;GILATLA.COM] > > Sent: Friday, October 25, 2002 17:19 > > To: [EMAIL PROTECTED] > > Subject: Re: [FW-1] SecureRemote NG + Radius > > > > > > Well, I can get this working ONLY if I add the user in > > CheckPoint. There, I > > can modify the authentication tab of the user and tell it > > authenticate with > > a radius server which I've added in CheckPoint to talk to > > IAS, which works > > fine. > > > > Two problems exist: > > > > 1. I want the users to authenticate via radius WITHOUT > > creating them in > > CheckPoint. (My AD contains over 2000 users) > > > > 2. When a user does authenticate, I would like him to use an > > address pool on > > the network instead of his real NAT IP address. (He's behind > > a NAT router.) > > > > How can this be done? > > > > -Devon > > > > -----Original Message----- > > From: libone mhlanga [mailto:libone@;LYCOS.COM] > > Sent: Friday, October 25, 2002 6:02 AM > > To: [EMAIL PROTECTED] > > Subject: Re: [FW-1] SecureRemote NG + Radius > > > > Well there are three of us interested now ...i tried last > > night and failed > > to make FW1/VPN1-NG FP2 talk to an already existing RADIUS server !! > > -- > > > > On Thu, 24 Oct 2002 23:08:52 > > Lars Troen wrote: > > >A, > > >There have been quite a few such requests lately. I'll see > > if I can write a > > step by step howto on the topic as it's not documented on > Phoneboy or > > anywhere else that I've found. > > > > > >But the basics are: > > >- With nt4sp4 and later, plus in w2k (any sp) each user must > > be granted > > dial-in rights. > > >- clear text (pap) authentication (no ms-chap or similar) > > >- It works with both radius 1.0 and 2.0 protocol settings on fw1. > > >- Make sure the firewall and the radius server can talk to > > each other and > > that there are no natting taking place on the radius communication. > > >- For debugging purposes, tcpdump/network monitor and netcat > > are useful > > tools. Radius is using udp so you can't use telnet to verify > > the connection. > > >- The radius shared secret might be sensitive about some > > characters, I > > don't remember which ones and if it was fw1 or w2k that > > caused this problem. > > >- The IAS log is always a good place to watch carefully. > > > > > >Lars > > > > > >> -----Original Message----- > > >> From: Andrea Coppini [mailto:andreacoppini@;IWG.INFO] > > >> Sent: Thursday, October 24, 2002 22:11 > > >> To: [EMAIL PROTECTED] > > >> Subject: Re: [FW-1] SecureRemote NG + Radius > > >> > > >> > > >> Lars, > > >> > > >> There are at least 2 of us interested in this > > information... Care to > > >> share any info you might have on how to go about this? > > >> > > >> Regards > > >> A > > >> > > >> > > >> -----Original Message----- > > >> From: Lars Troen [mailto:Lars.Troen@;PROXYCOM.NO] > > >> Sent: 24 October 2002 8:30 PM > > >> To: [EMAIL PROTECTED] > > >> Subject: Re: [FW-1] SecureRemote NG + Radius > > >> > > >> > > >> Chris, > > >> I have used Microsoft Radius (IAS: NT4 / w2k AD) to > > authenticate users > > >> on both 4.0, 4.1 and NGFP2. > > >> > > >> Lars > > >> > -----Original Message----- > > >> > From: Barber, Chris [mailto:cbarber@;CRITICALIP.COM] > > >> > Sent: Thursday, October 24, 2002 18:52 > > >> > To: [EMAIL PROTECTED] > > >> > Subject: Re: [FW-1] SecureRemote NG + Radius > > >> > > > >> > > > >> > If you are using LDAP/Active Directory do a search on > Checkpoints > > >> > website for "Active Directory" in the list that comes up > > there will > > >> > be a Document > > >> > that is titled "How to configure Microsoft's Active Directory > > >> > Server to work > > >> > with Checkpoint NG FP2" that will be better than radius. > > >> Last time I > > >> > checked with CheckPoint they did not support Microsoft > > >> > Radius, but that was > > >> > on 4.1 fp5, it may now be supported on NG. > > >> > > > >> > Chris. > > >> > > > >> > -----Original Message----- > > >> > From: Devon Harding - GTHLA [mailto:DHarding@;GILATLA.COM] > > >> > Sent: Thursday, October 24, 2002 12:28 PM > > >> > To: [EMAIL PROTECTED] > > >> > Subject: [FW-1] SecureRemote NG + Radius > > >> > > > >> > > > >> > How can I get SecureRemote NG to authenticate against a > > >> radius (Win2K) > > >> > > >> > server without creating internal CheckPoint users? I'd > > >> like for it to > > >> > > >> > look up the users on the Radius server instead of > > looking for them > > >> > in CheckPoint > > >> > first. > > >> > > > >> > -Devon > > >> > > > >> > ================================================= > > >> > To set vacation, Out Of Office, or away messages, > > >> > send an email to [EMAIL PROTECTED] > > >> > in the BODY of the email add: > > >> > set fw-1-mailinglist nomail > > >> > ================================================= > > >> > To unsubscribe from this mailing list, > > >> > please see the instructions at > > >> > http://www.checkpoint.com/services/mailing.html > > >> > ================================================= > > >> > If you have any questions on how to change your > > >> > subscription options, email > > >> > [EMAIL PROTECTED] > > >> > ================================================= > > >> > > > >> > ================================================= > > >> > To set vacation, Out Of Office, or away messages, > > >> > send an email to [EMAIL PROTECTED] > > >> > in the BODY of the email add: > > >> > set fw-1-mailinglist nomail > > >> > ================================================= > > >> > To unsubscribe from this mailing list, > > >> > please see the instructions at > > >> > http://www.checkpoint.com/services/mailing.html > > >> > ================================================= > > >> > If you have any questions on how to change your > > >> > subscription options, email > > >> > [EMAIL PROTECTED] > > >> > ================================================= > > >> > > > >> > > >> ================================================= > > >> To set vacation, Out Of Office, or away messages, > > >> send an email to [EMAIL PROTECTED] > > >> in the BODY of the email add: > > >> set fw-1-mailinglist nomail > > >> ================================================= > > >> To unsubscribe from this mailing list, > > >> please see the instructions at > > >> http://www.checkpoint.com/services/mailing.html > > >> ================================================= > > >> If you have any questions on how to change your > > >> subscription options, email > > >> [EMAIL PROTECTED] > > >> ================================================= > > >> > > >> Andrea Coppini > > >> +356 79 ANDREA (263732) > > >> [EMAIL PROTECTED] > > >> > > >> EMPOWER PEOPLE - THE WORLD IN YOUR HAND > > >> > > >> iWG (iWORLD GROUP) is a global e-mobile company creating, > > >> building and growing new businesses. iWG founders are > > >> pioneers in creating multi-billion dollar mobile and Internet > > >> businesses in Europe, Asia and the US. > > >> > > >> The Global Partners include the shareholders Bank of America, > > >> Deutsche Bank, Hikari Tsushin, McCaw, PaineWebber/UBS, The > > >> Dolphins' Trust, Perikles Trust and the iAA Advisory Network. > > >> > > >> www.iWG.info > > >> > > >> www.countryprofiler.com/iWG > > >> > > >> Privileged/Confidential Information may be contained in this > > >> message. If you are not the addressee indicated in this > > >> message (or responsible for delivery of the message to such > > >> person), you may not copy or deliver this message to anyone. > > >> In such case, you should destroy this message and kindly > > >> notify the sender by reply email. > > >> > > >> ================================================= > > >> To set vacation, Out Of Office, or away messages, > > >> send an email to [EMAIL PROTECTED] > > >> in the BODY of the email add: > > >> set fw-1-mailinglist nomail > > >> ================================================= > > >> To unsubscribe from this mailing list, > > >> please see the instructions at > > >> http://www.checkpoint.com/services/mailing.html > > >> ================================================= > > >> If you have any questions on how to change your > > >> subscription options, email > > >> [EMAIL PROTECTED] > > >> ================================================= > > >> > > > > > >================================================= > > >To set vacation, Out Of Office, or away messages, > > >send an email to [EMAIL PROTECTED] > > >in the BODY of the email add: > > >set fw-1-mailinglist nomail > > >================================================= > > >To unsubscribe from this mailing list, > > >please see the instructions at > > >http://www.checkpoint.com/services/mailing.html > > >================================================= > > >If you have any questions on how to change your > > >subscription options, email > > >[EMAIL PROTECTED] > > >================================================= > > > > > > > > > ____________________________________________________________ > > Get 250 full-color business cards FREE right now! > > http://businesscards.lycos.com > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
