RE: [FW1] CP firewall Authentication

Brendan McCauley Mon, 26 Jun 2000 16:01:33 -0700

The radius with the option pack you get very limited features, like it
doesn't pay any attention to groups or users attributes in anyway (ie dialup
rights, etc).  And you can only have one profile (I have a couple of
applications for RADIUS).
Your environment might allow that.

pardon this frivolous endorsement, but I like the package-
I use tccradius (www.tccsoftware.com) for radius applications.  It's very
easy to configure, it works with everything in my environment and does NT
Domain Authentication, it's extremely light weight, lends itself to remote
administration that uses a gui, can be worked from the gui or the dos
prompt, and it's only 300 bucks (US).... as compared to some of the other
radius solutions out there.  I tested the MS MCIS RADIUS, Steel belted
radius, and a couple others that were the recommended favorites, they all
seam bulky and over priced.  Of course, I'm a firm believer in that you get
what you pay for and I'm sure this software probably would be absolutely
useless to anyone else on the list.  I also wouldn't recommend it to someone
with advanced RADIUS configuration skills (they might not like it), but then
I don't know anyone like that...

I'm not saying it's perfect, but it works extremely well for me.
-end of the endorsement

http://www.phoneboy.com/fw1/faq/0282.html
is written for radius in  a UNIX environment, but applies generally to all
platforms:

User-Service-Type = Login-User 

Is the only client specific attribute I needed to make it work with my nt
domain.  This one attribute may be all you need to get the option pack
radius to work with your firewall.  The FAQ above details the rules you may
need to apply.


> -----Original Message-----
> From: Brian C. Kovatch [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 26, 2000 4:35 PM
> To: Dan Hitchcock; 'Daniel Kieng'; 'Fw1_list (E-mail)'
> Subject: RE: [FW1] CP firewall Authentication
> 
> 
> 
> 
> 
> Has anyone out here gotten NT4 RADIUS to work with FW1?  I 
> have tries this a
> couple times in passing but have never gotten it to work.  Can anyone
> provide some tips?  Did you have to modify anything on the 
> RADIUS side?
> Install it on a PDC or BDC?  Any special CheckPoint caveats?
> 
> I have a pretty good size client that is putting in 
> SecuRemote and this
> would obviously help exponentially.
> 
> Thanks in advance,
> BK
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On 
> Behalf Of Dan
> > Hitchcock
> > Sent: Wednesday, June 14, 2000 8:20 PM
> > To: 'Daniel Kieng'; 'Fw1_list (E-mail)'
> > Subject: RE: [FW1] CP firewall Authentication
> >
> >
> >
> > RADIUS is a popular solution.  FW1 supports it natively, 
> and with CP2000,
> > you can even use it to authenticate 3DES connections via SecuRemote.
> > Steel-Belted RADIUS was solid in my testing of it, although a bit
> > expensive
> > and overkill for what we needed.  The RADIUS server on the 
> NT4 option pack
> > (called Internet Authentication services) never worked right for
> > me, but IAS
> > for Win2k seems to work well.
> >
> > Hope that helps...
> >
> > Dan Hitchcock
> > MCSE, CCNA
> > Network Engineer
> > HomeStreet Bank
> > 206.389.4467
> > [EMAIL PROTECTED]
> >
> >
> > -----Original Message-----
> > From: Daniel Kieng [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, June 14, 2000 1:11 PM
> > To: Fw1_list (E-mail)
> > Subject: [FW1] CP firewall Authentication
> >
> >
> >
> > Hello all,
> > I am looking for  a solution to authenticate my securemote 
> client on to my
> > NT domain.  Can anyone tell me what is the way to implement this.
> >
> > > Daniel Kieng
> > > Sr. Network Security Engineer
> > >
> > > PlatinumNetworks
> > > 4501-B Forbes Blvd.
> > > Lanham, MD  20706
> > > Toll Free:    877.429.3349
> > > Corp HQ:    301.429.3349 x464
> > > Fax:           301.429.3357
> > >
> > >
> >
> >
> > ==================================================================
> > ==========
> > ====
> >      To unsubscribe from this mailing list, please see the 
> instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ==================================================================
> > ==========
> > ====
> >
> >
> > ==================================================================
> > ==============
> >      To unsubscribe from this mailing list, please see the 
> instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ==================================================================
> > ==============
> >
> 
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
RE: [FW1] CP firewall Authentication

Reply via email to
