[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] AW: [FW-1] Firewall-1 and SecurID
Hello, as far as I know 5.001 was slightly buggy and we also had problems in implementig it on Solaris. However in the meantime there should be a somewhat more recent release. You have the choice to upgrade to the most recent rev. (do not know if it os available for NT) or maybe you'd like to work with rev. 4.3. I won't go via radius, since fw1 and ace can communicate directly. As far as I know the radius setup does not support i.e. "enter next passcode" in all environments. What I can say is that for ace rev. 5.x all DNS stuff und all /etc/hosts (Solaris, maybe there is an NT equivalent ) stuff mus be very (!) accurate for all (source) interfaces. Fw-1 does not support setting an own passcode, but I assume you are talking of the PIN. Setting the PIN via fw-1 client authentication is not a problem. --Joerg -----Ursprüngliche Nachricht----- Von: Keven Lincoln [mailto:[email protected]] Gesendet: Dienstag, 8. Januar 2002 14:47 An: [email protected] Betreff: [FW-1] Firewall-1 and SecurID We have a nokia 440 running IPSO 3.4.1 and Firewall-1 4.1 SP5. We are attempting to achieve authentication with Securid tokens via ACE server version 5.001 [061] running under W2K We are using the Checvkpoint Firewall-1 client session authentication agent version 5.0 for authentication using a generic* user setup on the firewall. We can can authenticate users on the ACE server using passwords, but get "Access Denied by SecurID" when we enable key fobs. We have synchronised the tokens, and set the users passcode using the method which involves using the next changed token code displayed. Has anyone got a configuration similar to this working ? Does anyone know if this combination of software versions is compatible ? Does Firewall-1 support a user setting his own passcode ? Is is worth disabling the securid protocol and talking RADIUS between the fIP440 and the ACE server ? Thanks in advance for any help Regards, Keven ******************************************************************** This email may contain information which is privileged or confidential. If you are not the intended recipient of this email, please notify the sender immediately and delete it without reading, copying, storing, forwarding or disclosing its contents to any other person Thank you Check us out at http://www.syntegra.com ******************************************************************** ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|