Regardless of a profile type, you must specify the type of authentication source, in our case it is a server or a group of RADIUS servers with AUTH.AS: Second option allows you to explicitly specify a domain (and a method to split username and domain), for which this type of authentication will be used.īoth options are configured in almost the same way. There are two ways - one is to create external profile for all users and another is to create a profile tied to a specific domain.įirst option will authenticate users attempting to connect to VPN via an external source (or RADIUS servers with AUTH.AS, in our case). Selecting external profile for users to whom configurable RADIUS authentication will be applied. Add all servers and go to New -> RADIUS Group menu 2.3. To ensure fault tolerance it is recommended to use a group of RADIUS servers.
Keep in mind that RADIUS and NEW-RADIUS services use different ports in CheckPoint. Specifying configuration of the RADIUS server to be detected:Ĭreate a new Host and specify the IP address of the RADIUS server to be detected. In order to use RADIUS for authorization, you must go to SmartDashboard and specify servers that will be used. Selecting via SmartDashboard the RADIUS server to be used: Specifying RADIUS server as authentication source for VPN clients 2.1. To do this, mobile devices support should be enabled together with the related remote access software, in Mobile Access blade settings, like it's shown below:ĪD DS connection is not mandatory when integrating AUTH.AS service and Mobile Access VPN.Ģ.
There is an option to use auth.as also with mobile clients authentication, for example, when using CheckPoint Capsule VPN. This manual covers the procedures for connecting users via Endpoint Security VPN. You can do this in the Network Security tab on General Properties screen:Ĭheck the Mobile Access box and a window will appear where you must select Mobile Access features you are planning to use. Enabling Mobile Access and IPSec VPN blades in the gateway configĪt this stage it is necessary to activate Mobile Access and IPSec VPN blades on the gateway to which users will connect. The manual assumes following several steps, done via SmartDashboard connected to CheckPoint management server with administrator privileges or to the gateway itself when standalone configuration is used.ġ. This manual describes how to integrate AUTH.AS service as the user authentication platform in CheckPoint Mobile Access VPN. Checkpoint Mobile Access Blade and AUTH.AS Integration Manual
0 kommentar(er)
