topic Re: Office "hotel" with multiple subnets on Radius in Spark Firewall (SMB)

Office "hotel" with multiple subnets on Radius

skandshus — Mon, 20 Mar 2023 13:54:16 GMT

Hello everyone.

Looking for some input here on how to proceed or verify my thoughts if i can be successful

The story goes:

I have a customer who runs an "office hotel" where multiple small IT company rent their offices.

Up until now things have been running smoothly. but now the tenant's are starting to grow & therefor needing their own Subnet for server, printer's, site-2-site vpn to azure/aws or whatever.

The subnets/vlan can be created easily and i can assign the client pc to whatever vlan from the switches. no problem here.

but. the wireless part. if i have to deploy vlan on ssid i will go over the limit of 4 ssid. Going past here will severly limit the performance. To overcome that issue we can create a Radius based setup and then have only 1 ssid, where you as a u ser input your username & password, and then you will be assigned your designated Vland.

So i am hoping someone have done this before, as i am uncertain if The Check Point firewall will "work" in this.

I have a Checkpoint 1570 model, which is running DHCP server too.

I also have a linux box running, where i intend to run the Radius part.

Does anybody have any experience on deploying this, and will check point work with this setup?
i have done it before on a Ubiquiti router which worked flawlessly, but i dont want to just expect it to work in check-point hence my question here, in the hopes that anybody is running something like this.

hardware: CheckPoint 1570, Ubuntu 22.04 server with Radius server(created with local users NO Active Directory)

Ubiquiti switch & Ubiquiti access-point.<< this part i got figured out, and have it working other places.

my thoughs on the connection flow here would be.> Endpoint connecting to SSID> Authenticant with username & password>Radius server recieving authentication credentials> Accept or drop> If accept> relay DHCP request to Check Point 1570> Deliver Ip address to endpoint from the Check Point

Hoping for someone here having some input to share

Have a nice day everyone

Re: Office "hotel" with multiple subnets on Radius

the_rock — Mon, 20 Mar 2023 21:51:07 GMT

That might be worth TAC case, for sure. I never did something like that on 1570, but similar setup, but way higher model.

Re: Office "hotel" with multiple subnets on Radius

skandshus — Mon, 20 Mar 2023 23:35:43 GMT

I take it you did it in a Gaia os instead in the embedded Gaia?

Re: Office "hotel" with multiple subnets on Radius

the_rock — Mon, 20 Mar 2023 23:47:32 GMT

Correct.

Re: Office "hotel" with multiple subnets on Radius

skandshus — Tue, 21 Mar 2023 07:56:40 GMT

Curious about it.. did it just work or did you have any issues deploying or in the everyday? Is the Gaia the dhcp server?

Re: Office "hotel" with multiple subnets on Radius

the_rock — Tue, 21 Mar 2023 11:40:54 GMT

This was few years ago mind you, I believe version was R80.20 and yes, it just worked, did not have any setbacks. Thats right, gaia was used as the dhcp server. Honestly, I dont know how 1570 would behave, though it sort of goes without saying, I would make sure that you upgrade it to the latest version available.

It would help if you had small network diagram (just draw something simple in paint), so we can go over it carefully to make sure nothing is missed.