[FW-1] Encrypted Radius requests from distributed FW's to centralized radius server
Hello,

Not to be a bother, but unfortunately I didn't hear anything on this, so I am resending. I'm hoping someone has had experience with this situation. It would seem fairly common.

Firewalls are Checkpoint NG, FP3, running on Solaris. Radius is Steel Belted running on Windows.

Given 3 firewalls, A, B, and C. They are distributed around the internet, connecting various networks over a VPN.

Radius server (raz) is authenticating remote users to all three firewalls. This radius server (raz) resides behind firewall A. Authentication requests from A, B, and C all travel to raz.

Here's the rub. The outbound radius requests from B and C happen before any VPN rules, and as such, they are traversing the net unencrypted. This is not a problem for A, since RAZ is on a DMZ behind A.

So, does anyone know how to get B and C to use their established VPNs to A to tunnel this authentication traffic?

Much appreciated to anyone who can provide insight or pointers.

Take care.

---------------------------------------------------------
Andrew J. Kalat,                | Direct:
MSS Senior Security Engineer    | Main:
Internet Security Systems, Inc. | E-Mail: [email protected]
6303 Barfield Road              | <http://www.iss.net/>
Atlanta, GA 30328               | PGP key available.