https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-on-Gaia-Embedded/m-p/5273#M86 <HTML><HEAD></HEAD><BODY><P>Thanks Dameon -- I'm opening up a case with our engineers and I'll see if they have the same "fix".</P></BODY></HTML> Mon, 14 Aug 2017 19:16:08 GMT Bryce_Myers 2017-08-14T19:16:08Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-on-Gaia-Embedded/m-p/5271#M84 <HTML><HEAD></HEAD><BODY><P>Does anyone here have Radius configured on their Gaia Embedded boxes?</P><P></P><P>I have it working fine from the CLI, but when someone tries to login to&nbsp;the WebUI it instantly returns "invalid username or password". &nbsp;I am currently running R77.20.51 on these boxes. &nbsp;I did a tcpdump and I see the radius traffic when a CLI attempt is made, but no radius traffic when an attempt is made from the WebUI.</P><P></P><P>I went through the Gaia Embedded documentation related to radius and I didn't see anything about this being a known limitation.</P></BODY></HTML> Mon, 14 Aug 2017 18:03:11 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-on-Gaia-Embedded/m-p/5271#M84 Bryce_Myers 2017-08-14T18:03:11Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-on-Gaia-Embedded/m-p/5272#M85 <HTML><HEAD></HEAD><BODY><P>It appears that certain characters in the RADIUS shared secret are problematic for logging in via the WebUI.</P><P></P><P>This was an issue targeted to be resolved in the&nbsp;R77.20.60 release, which can be downloaded here:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk117732" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk117732">R77.20.60 for Small and Medium Business Appliances</A>&nbsp;</P><P>If this doesn't resolve the issue,&nbsp;I recommend opening a TAC case.</P></BODY></HTML> Mon, 14 Aug 2017 18:51:53 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-on-Gaia-Embedded/m-p/5272#M85 PhoneBoy 2017-08-14T18:51:53Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-on-Gaia-Embedded/m-p/5273#M86 <HTML><HEAD></HEAD><BODY><P>Thanks Dameon -- I'm opening up a case with our engineers and I'll see if they have the same "fix".</P></BODY></HTML> Mon, 14 Aug 2017 19:16:08 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-on-Gaia-Embedded/m-p/5273#M86 Bryce_Myers 2017-08-14T19:16:08Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-on-Gaia-Embedded/m-p/5274#M87 <HTML><HEAD></HEAD><BODY><P>I have no problem with it. All I did&nbsp;was run this commands in clish:</P><P></P><P>set radius-server priority 1 ipv4-address X.X.X.X&nbsp;udp-port 1812 shared-secret &lt;shared-secret&gt; timeout 5<BR />set administrators radius-auth enable use-radius-groups false permission read-write</P><P></P><P>Try to use a shared-secret with only letters and numbers&nbsp;for testing as Dameon suggested.</P></BODY></HTML> Mon, 14 Aug 2017 19:59:31 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-on-Gaia-Embedded/m-p/5274#M87 Pedro_Espindola 2017-08-14T19:59:31Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-on-Gaia-Embedded/m-p/5275#M88 <HTML><HEAD></HEAD><BODY><P>Also note, there are advanced settings for modifying the RADIUS timeouts. &nbsp;When using 2FA, you would be best to allow users more time to answer phone call/text or enter a TOTP code.</P></BODY></HTML> Mon, 11 Sep 2017 17:05:15 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-on-Gaia-Embedded/m-p/5275#M88 Kurtis_Johnson 2017-09-11T17:05:15Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-on-Gaia-Embedded/m-p/5276#M89 <HTML><HEAD></HEAD><BODY><P>R77.20.60 fixed our Radius issues.</P><P></P><P>The issue wasn't with the shared secret, rather which characters the WebUI will accept vs the CLI.</P><P></P><P>Prior to R77.20.60 if you used certain special characters in the WebUI - it would instantly tell you bad username/password.</P></BODY></HTML> Thu, 30 Nov 2017 19:10:09 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-on-Gaia-Embedded/m-p/5276#M89 Bryce_Myers 2017-11-30T19:10:09Z