Are you using the gui to create/delete accounts ?? If so, you plan on using the gui even as your user base grows ??
(BTW, if you use generic* user, your cannot create different groups for authentication (ie 3 different VPN access type, ie : e-mail only, etc..)
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Rodney Lacroix
Sent: Wednesday, March 28, 2001 11:03 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [FW1] Steel Belted Radius and Novell
Actually, after playing around with different settings, I've found that using the user "generic*" causes SEVERE latency in several things (authentication, data transfer, etc.). I've changed my settings to use user names on the firewall, using RADIUS authentication, and use group authentication on the RADIUS server. In doing this, authentication times came down from 15 seconds to 4 seconds, and pings responded on the first try (it took about 6 requests before a reply the other way).
Thanks.
Rodney
>>> "Rocky Stefano" <[EMAIL PROTECTED]> 03/28/01 09:03AM >>>
You might have ICMP disabled in your properties screen on the firewall.
Rocky Stefano
Echelon Systems Inc.
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
www.echelonsystems.com <http://www.echelonsystems.com>
B 905-303-2811
F 905-303-2855
Cell 416-676-3177
Cell Fax 416-676-3183
Systems that work...
----------------------------------------------------------------------------
----------------------------------------------------------------------------
----------------
This email may contain confidential and/or privileged information for the
sole use of the intended recipient. Any review or distribution by others is
strictly prohibited. If you have received this email in error, please
contact the sender and delete all copies. Opinions, conclusions or other
information expressed or contained in this email are not given or endorsed
by the sender unless otherwise affirmed independently by the sender.
----------------------------------------------------------------------------
----------------------------------------------------------------------------
----------------
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Rodney Lacroix
Sent: Wednesday, March 28, 2001 8:15 AM
To: [EMAIL PROTECTED]
Subject: [FW1] Steel Belted Radius and Novell
Hi all,
I've abandoned my LDAP authentication strategy, and have moved on to (what
people in this list say is working successfully) Steel Belted Radius for
Netware.
I have been able to authenticate properly, but am curious as to one thing:
ICMP pings to hosts in my encryption domain no longer work. My DNS
resolution is working, but I get no replies to pings at all.
I have my rule set as a user group, containing the user "generic*", and my
Radius server set up properly (I get "user authenticated by RADIUS
authentication" on the SecuRemote client).
Any thoughts?
Rodney Lacroix
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
