Re: [FW-1] RADIUS/SECURID - FW1 Authentication

[Greg Polanski <greg_polanski@FW1-NOSPAMADC.COM>]

ACE 5. is buggy for an agent with multiple NICs.
ACE 5 expects the hostname to be assigned to the NIC
that is used to communicate with the ACE server.

If you have the ACE 4.0 distribution, use that on
the firewall.  /opt/ace/prog/sdshell will work for
setting the node secret, et.al.

Since the FW has version 3.3 or 4.0 libraries, it is
probably OK.

If you have any replica server and can turn it off, turn it
off while you are trying to get the FW to work.
It takes 5 minutes for the replica to get the node secret.

greg


Justin Derry wrote:
>
> We are using client or session authentication on our checkpoint fw1 4.1
> service pack 5
> servers. we have started to use securID integrated with radius server from RSA.
>
> The first authentication works great and authenticates the user however the
> second authentication
> is dropped by the firewall stating reason access by RADIUS denied. The ace
> server is not allowing the second authentication.
>
> Anyone had this problem. Why is the firewall even making a second request
> to the radius server once the
> user has been authenticated.??
>
> Anyone seen anything like this or had a similar problem. Appreciate
> everyone's feedback
>
> Cheers
> Justin
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===============================================

--
_______________________________________________________________
Greg Polanski                    mailto:greg_polanski@adc.com
ADC Telecommunications, IncMSFAX
PO Box 1cell/pager
Minneapolis, MN  55440-493@mobile.att.net
_______________________________________________________________

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================