RE: [FW1] SecurID and Checkpoint
Here is the answer ... this is from the phoneboy site.

Configuring SecurID-based Authentication
A:
- On ACE/Server, define your firewall as a communications server within the "Add Client" menu of the administrative tool.
- On ACE/Server, be sure that the client hostname and IP address of the firewall agree with the firewall's own definitions. This means that the nodename (as defined by the command "hostname") and the IP that name resolves to match that which is configured on the ACE/Server.
- On ACE/Server, list the other interfaces of the firewall under Secondary Nodes in the client configuration field. These must be listed in order for the ACE/Server to accept authentication requests from the firewall.
- From FW-1 Management GUI, define a user group called SecurIDUsers. (From the "Manage" menu, select Users, New, Group.)
- From FW-1 Management GUI, define a new user (using the default template) named generic*. Add this user to the group SecurIDUsers. Under properties for this user, define SecurID as the authentication method. [Note that only one generic* user can be configured on a FW-1 at any given time.]
- Add a FW-1 security rule with a source of SecurIDUsers@any, whatever destination and service you want to authenticate, and an action of UserAuth. Save, verify and install the security policy.
- Check the Network Address Translation rules on the FW-1 GUI to be sure that communications between the firewall and the ACE/Server are not address translated (address translation will really complicate the node secret exchange between the two boxes).
- On a Unix or IPSO platform, create the directory /var/ace.
- Bounce FireWall-1 (fwstop; fwstart)
-----Original Message-----
Prem" <[email protected]> wrote:
If you are not able to find that in the manual, get professional help
Wolfgang
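
Added example (not part of the original message or the phoneboy text): a pre-flight check for the firewall side of the steps above, confirming that the nodename resolves to the IP configured for the ACE/Server client and that /var/ace exists before FireWall-1 is bounced. The function names, the hosts-file lookup and the sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the firewall host.
# lookup_hosts and ace_preflight are hypothetical helper names,
# not Check Point or RSA commands.

# Print the first IPv4 address mapped to NAME in a hosts-format file.
# Assumption: the firewall resolves its own nodename through a hosts file.
lookup_hosts() {  # lookup_hosts NAME HOSTS_FILE
    awk -v n="$1" '
        { sub(/#.*/, "") }                         # strip trailing comments
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {  # skip IPv6 and blank lines
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(n)) { print $1; exit }
        }
    ' "$2"
}

# Exit status is the number of failed checks (0 means ready to bounce FW-1).
ace_preflight() {  # ace_preflight NODENAME ACE_CLIENT_IP HOSTS_FILE ACE_DIR
    node=$1 want=$2 hosts=$3 dir=$4 fails=0

    got=$(lookup_hosts "$node" "$hosts")
    if [ -z "$got" ]; then
        echo "FAIL: $node does not resolve via $hosts" >&2
        fails=$((fails + 1))
    elif [ "$got" != "$want" ]; then
        echo "FAIL: $node resolves to $got, ACE/Server client is $want" >&2
        fails=$((fails + 1))
    fi

    if [ ! -d "$dir" ]; then
        echo "FAIL: directory $dir is missing" >&2
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Typical call on the firewall (192.0.2.10 is a constructed sample address
# standing in for the client IP entered on the ACE/Server):
#   ace_preflight "$(hostname)" 192.0.2.10 /etc/hosts /var/ace
```

A mismatch reported here is the same disagreement between the firewall's own definitions and the ACE/Server client entry that the second step warns about.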