
Re: [FW-1] SecureRemote NG + Radius



Where is the DHCP option for Office Mode in NG FP2?  In 'Global Properties'
under Remote Access/VPN, all I see is a checkbox for Office Mode.

-Devon

-----Original Message-----
From: Lars Troen [mailto:[email protected]]
Sent: Monday, October 28, 2002 2:50 AM
To: [email protected]
Subject: Re: [FW-1] SecureRemote NG + Radius

1. This is solved using a generic* user (p216 of the Management Guide).
2. This can be done using Office Mode for SecureClient. But remember that
this IP address can't be inside the encryption domain. You need a
SecureClient license in order to use Office Mode.

Lars
> -----Original Message-----
> From: Devon Harding - GTHLA [mailto:[email protected]]
> Sent: Friday, October 25, 2002 17:19
> To: [email protected]
> Subject: Re: [FW-1] SecureRemote NG + Radius
>
>
> Well, I can get this working ONLY if I add the user in CheckPoint.  There, I
> can modify the authentication tab of the user and tell it to authenticate with
> a radius server which I've added in CheckPoint to talk to IAS, which works
> fine.
>
> Two problems exist:
>
> 1. I want the users to authenticate via radius WITHOUT creating them in
> CheckPoint. (My AD contains over 2000 users)
>
> 2. When a user does authenticate, I would like him to use an address pool on
> the network instead of his real NAT IP address.  (He's behind a NAT router.)
>
> How can this be done?
>
> -Devon
>
> -----Original Message-----
> From: libone mhlanga [mailto:[email protected]]
> Sent: Friday, October 25, 2002 6:02 AM
> To: [email protected]
> Subject: Re: [FW-1] SecureRemote NG + Radius
>
> Well there are three of us interested now ... I tried last night and failed
> to make FW1/VPN1-NG FP2 talk to an already existing RADIUS server !!
> --
>
> On Thu, 24 Oct 2002 23:08:52
>  Lars Troen wrote:
> >A,
> >There have been quite a few such requests lately. I'll see if I can write a
> >step by step howto on the topic as it's not documented on Phoneboy or
> >anywhere else that I've found.
> >
> >But the basics are:
> >- With nt4sp4 and later, plus in w2k (any sp) each user must be granted
> >  dial-in rights.
> >- clear text (pap) authentication (no ms-chap or similar)
> >- It works with both radius 1.0 and 2.0 protocol settings on fw1.
> >- Make sure the firewall and the radius server can talk to each other and
> >  that there is no natting taking place on the radius communication.
> >- For debugging purposes, tcpdump/network monitor and netcat are useful
> >  tools. Radius is using udp so you can't use telnet to verify the connection.
> >- The radius shared secret might be sensitive about some characters, I
> >  don't remember which ones and if it was fw1 or w2k that caused this problem.
> >- The IAS log is always a good place to watch carefully.
> >
> >Lars
> >
> >> -----Original Message-----
> >> From: Andrea Coppini [mailto:[email protected]]
> >> Sent: Thursday, October 24, 2002 22:11
> >> To: [email protected]
> >> Subject: Re: [FW-1] SecureRemote NG + Radius
> >>
> >>
> >> Lars,
> >>
> >> There are at least 2 of us interested in this information... Care to
> >> share any info you might have on how to go about this?
> >>
> >> Regards
> >> A
> >>
> >>
> >> -----Original Message-----
> >> From: Lars Troen [mailto:[email protected]]
> >> Sent: 24 October 2002 8:30 PM
> >> To: [email protected]
> >> Subject: Re: [FW-1] SecureRemote NG + Radius
> >>
> >>
> >> Chris,
> >> I have used Microsoft Radius (IAS: NT4 / w2k AD) to authenticate users
> >> on both 4.0, 4.1 and NGFP2.
> >>
> >> Lars
> >> > -----Original Message-----
> >> > From: Barber, Chris [mailto:[email protected]]
> >> > Sent: Thursday, October 24, 2002 18:52
> >> > To: [email protected]
> >> > Subject: Re: [FW-1] SecureRemote NG + Radius
> >> >
> >> >
> >> > If you are using LDAP/Active Directory do a search on Checkpoint's
> >> > website for "Active Directory"; in the list that comes up there will
> >> > be a document that is titled "How to configure Microsoft's Active
> >> > Directory Server to work with Checkpoint NG FP2" that will be better
> >> > than radius.  Last time I checked with CheckPoint they did not support
> >> > Microsoft Radius, but that was on 4.1 fp5, it may now be supported on NG.
> >> >
> >> > Chris.
> >> >
> >> > -----Original Message-----
> >> > From: Devon Harding - GTHLA [mailto:[email protected]]
> >> > Sent: Thursday, October 24, 2002 12:28 PM
> >> > To: [email protected]
> >> > Subject: [FW-1] SecureRemote NG + Radius
> >> >
> >> >
> >> > How can I get SecureRemote NG to authenticate against a radius (Win2K)
> >> > server without creating internal CheckPoint users?  I'd like for it to
> >> > look up the users on the Radius server instead of looking for them
> >> > in CheckPoint first.
> >> >
> >> > -Devon
> >> >
> >>
> >> Andrea Coppini
> >> +356 79 ANDREA (263732)
> >> [email protected]
> >>
> >
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
