
Re: [FW-1] NG FP2, Win2k AD and VPN Users


  • To: [email protected]
  • Subject: Re: [FW-1] NG FP2, Win2k AD and VPN Users
  • From: Lars Troen <[email protected]>
  • Date: Wed, 14 Aug 2002 14:38:22 +0200
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcJDiw3/3TZKtWL6SLm/3dTGJ7xHUAAA0kbw
  • Thread-topic: Re: [FW-1] NG FP2, Win2k AD and VPN Users

What I suggested was to use RADIUS authentication instead of LDAP authentication as it requires an additional license. And I don't know if there's a guide on how to do this, but it's pretty straightforward.
- Install IAS (from the Add Windows Components menu) on a server.
- Set up a RADIUS object on the firewall (manage/servers/New/Radius server).
- In the IAS admin program, make sure you make the firewall a client (both internal and external IP of the firewall) and that you enable CHAP authentication.
- For the users who are going to be authenticated, they have to be granted dial-in access in AD Users & Computers.
- Make a rule on the firewall that accepts the RADIUS protocol between the firewall and the IAS server.
- In the firewall rulebase, make a user with a name of generic* which you define as you would do if it was a normal user. Make sure you choose RADIUS authentication. This user will be used in all authentication requests from now on.
- Define your VPN on the firewall etc....
- For troubleshooting, check the logs of the IAS server and the firewall.
 
Lars
-----Original Message-----
From: Tiran Efrat [mailto:[email protected]]
Sent: Wednesday, August 14, 2002 13:42
To: [email protected]
Subject: Re: [FW-1] NG FP2, Win2k AD and VPN Users

Hi,
Is there a guide on how to do it?
Contrary to the original email, I don't have the LDAP component.
Bye,
Tiran.
 

-----Original Message-----
From: Lars Troen [mailto:[email protected]]
Sent: Wednesday, August 14, 2002 8:47 AM
To: [email protected]
Subject: Re: [FW-1] NG FP2, Win2k AD and VPN Users


The easiest thing here would be to use RADIUS authentication through IAS (MS Internet Authentication Services) using only a generic* user at the firewall.

Lars

> -----Original Message-----
> From: Milliken, Larry [mailto:[email protected]]
> Sent: Tuesday, August 13, 2002 21:41
> To: [email protected]
> Subject: [FW-1] NG FP2, Win2k AD and VPN Users
>
>
> I have a Windows 2000 Active Directory environment with over 100 remote
> users (VPN)... I also have NG FP2 on a Nokia box. Is there a way to
> copy, migrate, move, paste the users from the Active Directory (LDAP)
> into Checkpoint's LDAP Account Management? I do not want to create over
> 100 users in Checkpoint. I would like to have the VPN users authenticate
> against the Win2k Active Directory.
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
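
The CHAP check that a RADIUS client (the firewall's role) and a RADIUS server (the IAS role) perform, following RFC 2865, as an added Python example that is not part of the original thread or of either product's code. The function names, the user name and the password are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST = 1                                    # RADIUS packet code (RFC 2865)
USER_NAME, CHAP_PASSWORD, CHAP_CHALLENGE = 1, 3, 60   # attribute types

def attr(attr_type, value):
    """Encode one attribute: type, length (including the 2-byte header), value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(pkt_id, user, password, challenge, chap_id=1):
    """Client side: CHAP response = MD5(chap_id || password || challenge)."""
    digest = hashlib.md5(bytes([chap_id]) + password + challenge).digest()
    attrs = (attr(USER_NAME, user)
             + attr(CHAP_PASSWORD, bytes([chap_id]) + digest)
             + attr(CHAP_CHALLENGE, challenge))
    header = struct.pack("!BBH", ACCESS_REQUEST, pkt_id, 20 + len(attrs))
    return header + os.urandom(16) + attrs        # 16-byte Request Authenticator

def parse_attrs(packet):
    """Return (code, {type: value}); raise ValueError on malformed lengths."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad packet length")
    attrs, i, length = {}, 20, len(packet)
    while i < length:
        if i + 2 > length or packet[i + 1] < 2 or i + packet[i + 1] > length:
            raise ValueError("bad attribute length")
        attrs[packet[i]] = packet[i + 2:i + packet[i + 1]]
        i += packet[i + 1]
    return packet[0], attrs

def verify_chap(packet, lookup_password):
    """Server side: recompute the digest from the stored password and compare."""
    try:
        code, attrs = parse_attrs(packet)
    except ValueError:
        return False
    chap, user = attrs.get(CHAP_PASSWORD), attrs.get(USER_NAME)
    if code != ACCESS_REQUEST or user is None or chap is None or len(chap) != 17:
        return False
    # Without a CHAP-Challenge attribute, the Request Authenticator is the challenge.
    challenge = attrs.get(CHAP_CHALLENGE, packet[4:20])
    password = lookup_password(user)   # the server needs the recoverable password
    if password is None:
        return False
    expected = hashlib.md5(chap[:1] + password + challenge).digest()
    return hmac.compare_digest(expected, chap[1:])

USERS = {b"alice": b"correct horse"}   # constructed sample account
```

Because the server recomputes the MD5 digest itself, it must be able to recover the user's password in cleartext; a one-way hash of the password is not enough for CHAP.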




 
   All contents © 2004 Network Presence, LLC. All rights reserved.