This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Leader_Kiongi
Contributor
‎2022-09-02 01:23 AM

Radius Authentication doesn't work on Cloudguard IaaS in Azure

Hello,

 

We’ve configured RADIUS authentication on our Check Point devices using the configuration:

 

add aaa radius-servers priority 1 host <Primary_RADIUS_Server_IP_Address> port 1812 secret <shared_key_1> timeout 3

set aaa radius-servers default-shell /bin/bash

set aaa radius-servers super-user-uid 0

add aaa radius-servers priority 2 host <Secondary_RADIUS_Server_IP_Address> port 1812 secret <shared_key_2> timeout 3

set aaa radius-servers default-shell /bin/bash

set aaa radius-servers super-user-uid 0

add rba role radius-group-any domain-type System all-features

save config

 

It works well for all onsite gateways and we access devices directly in expert mode.

 

For our CloudGuard IaaS in Azure, the authentication works but we cannot perform some commands in Expert Mode (see enclosed). 

 

 

Thanks in advance for your support.

 

Regards,

Alain IKULA

 

Preview file
182 KB
0 Kudos
4 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-09-02 05:00 AM

Is it always the same commands that fail and how many admins are connected?

If there are parallel sessions do the privileges change upon logout of the other user or it happens regardless?

CCSM R77/R80/ELITE
0 Kudos
Leader_Kiongi
Contributor
‎2022-09-02 05:37 AM
In response to Chris_Atkinson

Thank you Chris for your feedback. 

I haven't tested all expert mode commands but it looks like most of them don't work (cpconfig, cphaprob stat, cphaprob -a if, etc...). So far, only ifconfig and netstat work. I'm the only connected admin. 

 

Thanks !

 

Regards,

Alain IKULA

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-09-02 07:13 AM
In response to Leader_Kiongi

Understood,if the issues persist with the latest GA Jumbo applied for your version I would consult further with TAC on the issue.

CCSM R77/R80/ELITE
0 Kudos
Leader_Kiongi
Contributor
‎2022-09-02 08:07 AM
In response to Chris_Atkinson

We're on R80.30 Take 251. The latest GA Jumbo for this version is Take 254. I've raised a case with TAC.

 

Thanks !

Regards,

Alain IKULA

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events