I don't think anyone has answered the question you asked yet...
There is a way (supposedly) to proxy RADIUS
requests through FW-1. It is documented on phoneboy.com, and it involves
setting up a user "generic*". I was trying to do this and have admin
users with user ids on the firewall (which should have requested the
password only from the RADIUS server) and then generic users (with a
different policy) authenticate via "generic*" where the in theory the
whole ID and password would be passed on. I could not get it to work, and
could not get much more than "No one has ever asked that, and I DON'T
think it will work" from tech support (checkpoint and SecureIT).
It was frustrating, and we just decided to pass the protocol instead of
trying to pass the authentication token.
Carric Dooley CNE
COM2:Interactive Media
http://www.com2usa.com
"Luck is the residue of design."
- Branch Rickey - former owner of the Brooklyn Dodger Baseball Team
On Wed, 21 Jun 2000 [EMAIL PROTECTED] wrote:
>
>
> To all,
>
> Does FW-1 support a plugin to forward external RADIUS requests to an
> internal server. For example, suppose there is a box out on the Internet
> which authenticates users via RADIUS and I want to proxy those RADIUS
> requests throught the firewall to an internal RADIUS server. Now the
> answer is not to open up UDP port 1645 and 1646, so that the external box
> can talk to the internal server directly, but rather through a proxy on the
> firewall.
>
> Thanks,
>
> John
>
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
