[FW-1] Encrypted Radius requests from distributed FW's to centralized radius server

Hello,

I'm hoping someone has had experience with this situation. It would seem fairly common.

Firewalls are Checkpoint NG, FP3, running on Solaris. Radius is Steel Belted running on Windows.

Given 3 firewalls, A, B, and C. They are distributed around the internet, connecting various networks over a VPN. Radius server (raz) is authenticating remote users to all three firewalls. This radius server (raz) resides behind firewall A. Authentication requests from A, B, and C all travel to raz.

Here's the rub. The outbound radius requests from B and C happen before any VPN rules, and as such, they are traversing the net unencrypted. This is not a problem for A, since RAZ is on a DMZ behind A.

So, does anyone know how to get B and C to use their established VPNs to A to tunnel this authentication traffic?

Much appreciated to anyone who can provide insight or pointers.

Take care.

---------------------------------------------------------
Andrew J. Kalat
MSS Senior Security Engineer
Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, GA 30328
E-Mail: [email protected]
<http://www.iss.net/>
PGP key available.