RE: [FW1] Proxy Radius

Wed, 21 Jun 2000 13:00:39 -0700 



Actually, we have also been testing Steel Belted RADIUS and it works very
well.  We also don't belive in running extra services and software on the
firewall, so the only option is to have it run on a separate box.  The
whole problem there centers around management of yet another box and more
software.  If it could be done within Check Point great, if not then the
only alternative is to use the Steel Belted RADIUS.

John





"Little, Craig" <[EMAIL PROTECTED]> on 06/21/2000 12:42:55 PM

To:   "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
      [EMAIL PROTECTED]
cc:

Subject:  RE: [FW1] Proxy Radius


Have you tried Steel Belted RADIUS. I've been evaluating it for the past
few
weeks, and I swear by it. It supports proxy, and you could run it either on
the firewall or in the DMZ (my preference is to not runs software /
services
on the firewall). You would allow external hosts to talk to it, and it
could
pass the requests on to your internal RADIUS server.

Check out the following link:
http://www.checkpoint.com/opsec/partners/framework/funk.htm

Craig/

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 22, 2000 6:54 AM
To: [EMAIL PROTECTED]
Subject: [FW1] Proxy Radius




To all,

Does FW-1 support a plugin to forward external RADIUS requests to an
internal server.  For example, suppose there is a box out on the Internet
which authenticates users via RADIUS and I want to proxy those RADIUS
requests throught the firewall to an internal RADIUS server.  Now the
answer is not to open up UDP port 1645 and 1646, so that the external box
can talk to the internal server directly, but rather through a proxy on the
firewall.

Thanks,

John




============================================================================

====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================

====






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to