[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] VPN Authentification
Hello people, I have a small dilema, I would like to have different types of access depending on authentification. We are currently using RADIUS authification for our VPN access, at fist I was thinking of using radius attributes to define the type of access users would get when connecting but I don't think FW1 supports it (If I am wrong please let me know). A second solution was to use multiple radius servers (one for each type of access), so each VPN user group would have a specific rule (with different access) using a different radius server. My problem is that I use generic* to forward all auth requests to the radius server, but I can only use generic* once (which means I can't define multiple instances of generic* with different authentification servers and thus create multiple rules with different access depending on authentification server used). If anyone has any idea how to use multiple authentification schemes using the generic* user I would be very interested in knowing. I know I can create user groups without using generic* but we would then have to manage multiple user databases (one on the radius server for the authentification and one on FW1 for defining access). Thanks for your help, Amaury de Ville Security Engineer Belgacom Skynet ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|