Aaron,
you need the Account Management feature on the FW1. This allows it to
define NDS as an external LDAP Account Unit. If you have an enterprise FW1
you also need enterprise account mgmt.
You can combine it e.g. with Novell Bordermanager so that you can READ NDS
(LDAP) and check the groups or OU's in which the users are, and perform
RADIUS authentication towards BMAS by using e.g. tokens or Novell
passwords.
In fact you can even perform a schema extension on NDS so that the FW1
attributes are also visible in NDS.
In my experience, NDS is the fastest and most secure LDAP server available!!
Good luck,
Patrick
>>> "Aaron Shilts" <[email protected]> 08/02/01 00:11 >>>
I've been reading up on Checkpoint's ability to
authenticate users off an NDS tree using LDAP. I've read a few posts in
the newsgroups that make it sound like an additional Checkpoint license is
required for this ability. Knowing Checkpoint, this wouldn't surprise
me. My client will be running an enterprise encryption console and
multiple VPN-1 modules for their enforcement points. If a license is
required, where would it be applied?

TIA,
Aaron
___________________________
Aaron Shilts
eSecurity Consulting, Inc.
phone fax
__________________________