topic Re: LOM port configuration with radius in Firewall and Security Management

LOM port configuration with radius

akshay101 — Tue, 14 Oct 2025 13:23:39 GMT

I have configured the LOM port on the Check Point firewall and can access it using the admin credentials.

We have also configured a RADIUS profile, but when attempting to log in using RADIUS authentication, the login fails. On the ISE side, the logs show a failure due to an invalid password or shared key, even though I am using the correct credentials and key.

When we change the shared key to a simpler one on both ISE and LOM, I’m able to reach the login prompt but receive a “User access denied, contact admin” message. Meanwhile, ISE shows that the authentication was successful.

Re: LOM port configuration with radius

_Val_ — Tue, 14 Oct 2025 13:58:56 GMT

Are you using a non-English locale? It is probably that LOM is set to an English keyboard, while you are not, hence the special characters used with your password are not the same.

Re: LOM port configuration with radius

akshay101 — Tue, 14 Oct 2025 14:03:43 GMT

@_Val_ we tried with simple password as well, on ISE radius user getting authenticated but on LOM page its showing user access denied. contact administrator.

Re: LOM port configuration with radius

the_rock — Tue, 14 Oct 2025 17:48:28 GMT

Did you check with TAC? Its possible this might be a known limitation.

Andy

Re: LOM port configuration with radius

_Val_ — Wed, 15 Oct 2025 08:30:06 GMT

Yet, you did not answer the question. Do you, or do you not, use a non-English keyboard? Also, are you sure your LOM is set correctly?

Re: LOM port configuration with radius

genisis__ — Wed, 15 Oct 2025 09:15:27 GMT

Whats the appliances and LOM type also firmware version - I've not had any issue with the LOM sending the RADIUS request to the ISE server however there is some work to do on the iSE server to get it working (not had the time for it).

It would be nice if TACACS+ was supported.

Re: LOM port configuration with radius

akshay101 — Wed, 15 Oct 2025 10:30:18 GMT

Yes, using english keyboard. yes its accessible with admin but not with radius users.

Re: LOM port configuration with radius

akshay101 — Wed, 15 Oct 2025 10:31:31 GMT

We had created a new policy on ISE with simple shared keys but still issue is there.

Re: LOM port configuration with radius

_Val_ — Wed, 15 Oct 2025 11:03:52 GMT

Thanks. Please open a TAC case for this

Re: LOM port configuration with radius

Lesley — Wed, 15 Oct 2025 14:02:33 GMT

Most LOM issues are because of outdated LOM software. What LOM version you have installed? Java or HTML5 based? In what appliance it is running?

Second tip: does this authentication flow go via the firewall that has the LOM installed. Just from practical view: imagine firewall is crashed and you have to login. LOM tries to do RADIUS traffic via the firewall that has crashed and then you cannot login. Bit like chicken and egg discussion 😉

Re: LOM port configuration with radius

the_rock — Wed, 15 Oct 2025 22:02:06 GMT

Hopefully TAC can help you fix it.

Re: LOM port configuration with radius

the_rock — Thu, 16 Oct 2025 06:31:06 GMT

Please let us know once this is solved.

Thank you!

Re: LOM port configuration with radius

genisis__ — Thu, 16 Oct 2025 08:11:36 GMT

100% Lesley!

also here's the link to the firmware page:
https://support.checkpoint.com/results/sk/sk88064

routing, firewall rules all should be considered (could even be asymmetric routing issue, the other test that can be done, and I know it may not be practical, configure a dummy switch with 'aaa' configuration using RADIUS, give it the same IP as the LOM (clearly both should not be on the same network), and test, if this work you have then isolated the issue to the Checkpoint appliance and can take the next steps accordingly.