https://community.checkpoint.com/t5/Cloud-Firewall/Radius-Authentication-on-VMSS/m-p/189863#M1472 <TABLE class="TableStyle-TP_Table_Dark_Header_and_Pattern" cellspacing="0"> <THEAD> <TR class="TableStyle-TP_Table_Dark_Header_and_Pattern-Head-Header_Style"> <TH class="TableStyle-TP_Table_Dark_Header_and_Pattern-HeadE-Column_Style-Header_Style lia-align-center" scope="col" width="49.9844px">Parameter</TH> <TH class="TableStyle-TP_Table_Dark_Header_and_Pattern-HeadE-Column_Style-Header_Style lia-align-center" scope="col" width="212.047px">Value</TH> <TH class="TableStyle-TP_Table_Dark_Header_and_Pattern-HeadD-Column_Style-Header_Style lia-align-center" scope="col" width="594.969px">Description</TH> </TR> </THEAD> <TBODY> <TR class="TableStyle-TP_Table_Dark_Header_and_Pattern-Body-White_Background"> <TD width="49.9844px" class="TableStyle-TP_Table_Dark_Header_and_Pattern-BodyE-Column_Style-White_Background"> <P><CODE><SPAN class="SearchHighlight SearchHighlight1">-cg</SPAN></CODE></P> </TD> <TD width="212.047px" class="TableStyle-TP_Table_Dark_Header_and_Pattern-BodyE-Column_Style-White_Background"> <P>CUSTOM_GATEWAY_SCRIPT</P> </TD> <TD width="594.969px" class="TableStyle-TP_Table_Dark_Header_and_Pattern-BodyD-Column_Style-White_Background"> <P>A path of a script on the Management Server that will be run on the gateways after the policy installation.</P> <P>You can add parameters to the script by separating them with spaces. The script should be located in<SPAN>&nbsp;</SPAN><EM>$FWDIR/conf</EM><SPAN>&nbsp;</SPAN>directory, which should only have admin read permissions.</P> <P>For example: "<CODE>$FWDIR/conf/gw-script.sh param1 param2 ...</CODE>"</P> <P>You can set one custom gateway script for each template.</P> <P>If you configure Management Data Plane Separation (MDPS), ensure the script is compatible.</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>Refer:&nbsp;<A href="https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/CME_Structure_and_Configurations.htm?Highlight=-cg" target="_blank" rel="noopener">https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/CME_Structure_and_Configurations.htm?Highlight=-cg</A>&nbsp;</P> <P>&nbsp;</P> <P>Adding this for searchability of CME gateway script examples.</P> Fri, 18 Aug 2023 12:09:21 GMT Chris_Atkinson 2023-08-18T12:09:21Z https://community.checkpoint.com/t5/Cloud-Firewall/Radius-Authentication-on-VMSS/m-p/116440#M1469 <P>Hi</P><P>&nbsp;</P><P>I have an issue where I am trying to configure Radius auth to the firewalls that will be replicated during a scale out event, is this possible ?&nbsp;</P><P>I have considered the possibility of simply adding the clish commands to the autoprov script could this work? any help will be greatly appreciated.</P><P>&nbsp;</P><P>Thank you in advance,&nbsp;</P> Tue, 20 Apr 2021 16:39:57 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Radius-Authentication-on-VMSS/m-p/116440#M1469 Laurence_Curlin 2021-04-20T16:39:57Z https://community.checkpoint.com/t5/Cloud-Firewall/Radius-Authentication-on-VMSS/m-p/116465#M1470 <P>Hi,</P><P>Try this:</P><OL><LI>create a script in the SMS --&gt; <STRONG><EM>vi $FWDIR/conf/autoscaling-new-instance.sh</EM></STRONG></LI><LI>add the line below in the shell script:<P><FONT size="2"><EM>#! /bin/bash</EM></FONT><BR /><FONT size="2"><EM>clish -c 'add aaa radius servers priority 1 host &lt;@IP&gt; port 1812 secret timout 30'</EM></FONT><BR /><FONT size="2"><EM>clish -c 'add aaa radius servers default-shell /bin/bash'</EM></FONT><BR /><FONT size="2"><EM>clish -c 'add aaa radius servers super-user-uid 0'</EM></FONT></P></LI><LI>Assign the execute permission to the shell script --&gt; <STRONG><EM>chmod u+x $FWDIR/conf/autoscaling-new-instance.sh</EM></STRONG></LI><LI>Configure CME and set the relevant template to use this script --&gt; <STRONG><EM>autoprov_cfg set template –tn &lt;CONFIGURATION-TEMPLATE-NAME&gt; –cg $FWDIR/conf/autoscaling-new-instance.sh</EM></STRONG></LI></OL><P>You can add other command in the script for automation purpose.</P><P>Regards</P> Tue, 20 Apr 2021 23:31:45 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Radius-Authentication-on-VMSS/m-p/116465#M1470 AyGit 2021-04-20T23:31:45Z https://community.checkpoint.com/t5/Cloud-Firewall/Radius-Authentication-on-VMSS/m-p/116479#M1471 <P>Absolutely awesome, thank you very much for that information, I have been searching for ages for clear concise instructions like that.</P> Wed, 21 Apr 2021 06:06:45 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Radius-Authentication-on-VMSS/m-p/116479#M1471 Laurence_Curlin 2021-04-21T06:06:45Z https://community.checkpoint.com/t5/Cloud-Firewall/Radius-Authentication-on-VMSS/m-p/189863#M1472 <TABLE class="TableStyle-TP_Table_Dark_Header_and_Pattern" cellspacing="0"> <THEAD> <TR class="TableStyle-TP_Table_Dark_Header_and_Pattern-Head-Header_Style"> <TH class="TableStyle-TP_Table_Dark_Header_and_Pattern-HeadE-Column_Style-Header_Style lia-align-center" scope="col" width="49.9844px">Parameter</TH> <TH class="TableStyle-TP_Table_Dark_Header_and_Pattern-HeadE-Column_Style-Header_Style lia-align-center" scope="col" width="212.047px">Value</TH> <TH class="TableStyle-TP_Table_Dark_Header_and_Pattern-HeadD-Column_Style-Header_Style lia-align-center" scope="col" width="594.969px">Description</TH> </TR> </THEAD> <TBODY> <TR class="TableStyle-TP_Table_Dark_Header_and_Pattern-Body-White_Background"> <TD width="49.9844px" class="TableStyle-TP_Table_Dark_Header_and_Pattern-BodyE-Column_Style-White_Background"> <P><CODE><SPAN class="SearchHighlight SearchHighlight1">-cg</SPAN></CODE></P> </TD> <TD width="212.047px" class="TableStyle-TP_Table_Dark_Header_and_Pattern-BodyE-Column_Style-White_Background"> <P>CUSTOM_GATEWAY_SCRIPT</P> </TD> <TD width="594.969px" class="TableStyle-TP_Table_Dark_Header_and_Pattern-BodyD-Column_Style-White_Background"> <P>A path of a script on the Management Server that will be run on the gateways after the policy installation.</P> <P>You can add parameters to the script by separating them with spaces. The script should be located in<SPAN>&nbsp;</SPAN><EM>$FWDIR/conf</EM><SPAN>&nbsp;</SPAN>directory, which should only have admin read permissions.</P> <P>For example: "<CODE>$FWDIR/conf/gw-script.sh param1 param2 ...</CODE>"</P> <P>You can set one custom gateway script for each template.</P> <P>If you configure Management Data Plane Separation (MDPS), ensure the script is compatible.</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>Refer:&nbsp;<A href="https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/CME_Structure_and_Configurations.htm?Highlight=-cg" target="_blank" rel="noopener">https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/CME_Structure_and_Configurations.htm?Highlight=-cg</A>&nbsp;</P> <P>&nbsp;</P> <P>Adding this for searchability of CME gateway script examples.</P> Fri, 18 Aug 2023 12:09:21 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Radius-Authentication-on-VMSS/m-p/189863#M1472 Chris_Atkinson 2023-08-18T12:09:21Z