Hello Benoît,

My question is how the Checkpoint firewall will redirect the external devices to the captive portal?

Regards

Fabrice





On 2017-12-06 at 11:58, Benoît Dubé via PacketFence-users wrote:

Hi everyone,


I need to do a proof of concept to authenticate external users, in a BYOD use case, with their social login and/or their own enterprise accounts if they have MS AD, and do the enforcement with the Checkpoint firewall. The most important part is the social login.


Here is what I think of:

- Every user's traffic goes to the inline firewall, mainly from a wired connection

- Internal users are identified against their AD based on Checkpoint Identity Awareness (AD Query)

- External users are redirected to a captive portal. This is where PacketFence comes into play

- External users register to PacketFence, which authenticates them to social login services

- If social authentication succeeds, a sponsorship feature sends a message to a defined sponsor who accepts or denies the user. The sponsor should be able to set the role/group for each user.

- PacketFence should keep user information to manage future access.

- Later, when a registered user is redirected to the captive portal (PacketFence) for identification, PacketFence should authenticate against the social login service and, if it succeeds, send RADIUS accounting data to the Checkpoint to give him network access based on the policy defined in the Checkpoint. Checkpoint R80 should also receive and parse the group information from PacketFence within the RADIUS accounting. This group information is related to the role/group defined by the sponsor when users register.


As you can see, there is no 802.1x involved, nor VLAN assignment/enforcement. Enforcement is applied by the firewall.


Is it a possible use case for PacketFence? If yes, what are the main steps to configure this?


Benoît




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
