This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Laurence_Curlin
Explorer
‎2021-04-20 09:39 AM
Jump to solution

Radius Authentication on VMSS

Hi

 

I have an issue where I am trying to configure Radius auth to the firewalls that will be replicated during a scale out event, is this possible ? 

I have considered the possibility of simply adding the clish commands to the autoprov script could this work? any help will be greatly appreciated.

 

Thank you in advance, 

0 Kudos
1 Solution

Accepted Solutions
AyGit
Contributor
‎2021-04-20 04:30 PM
Jump to solution

Hi,

Try this:

  1. create a script in the SMS --> vi $FWDIR/conf/autoscaling-new-instance.sh
  2. add the line below in the shell script:

    #! /bin/bash
    clish -c 'add aaa radius servers priority 1 host <@IP> port 1812 secret timout 30'
    clish -c 'add aaa radius servers default-shell /bin/bash'
    clish -c 'add aaa radius servers super-user-uid 0'

  3. Assign the execute permission to the shell script --> chmod u+x $FWDIR/conf/autoscaling-new-instance.sh
  4. Configure CME and set the relevant template to use this script --> autoprov_cfg set template –tn <CONFIGURATION-TEMPLATE-NAME> –cg $FWDIR/conf/autoscaling-new-instance.sh

You can add other command in the script for automation purpose.

Regards

View solution in original post

(1)
3 Replies
AyGit
Contributor
‎2021-04-20 04:30 PM
Jump to solution

Hi,

Try this:

  1. create a script in the SMS --> vi $FWDIR/conf/autoscaling-new-instance.sh
  2. add the line below in the shell script:

    #! /bin/bash
    clish -c 'add aaa radius servers priority 1 host <@IP> port 1812 secret timout 30'
    clish -c 'add aaa radius servers default-shell /bin/bash'
    clish -c 'add aaa radius servers super-user-uid 0'

  3. Assign the execute permission to the shell script --> chmod u+x $FWDIR/conf/autoscaling-new-instance.sh
  4. Configure CME and set the relevant template to use this script --> autoprov_cfg set template –tn <CONFIGURATION-TEMPLATE-NAME> –cg $FWDIR/conf/autoscaling-new-instance.sh

You can add other command in the script for automation purpose.

Regards

(1)
Laurence_Curlin
Explorer
‎2021-04-20 11:06 PM
In response to AyGit
Jump to solution

Absolutely awesome, thank you very much for that information, I have been searching for ages for clear concise instructions like that.

Chris_Atkinson
Employee
Employee
‎2023-08-18 04:40 AM
In response to Laurence_Curlin
Jump to solution

Parameter Value Description

-cg

CUSTOM_GATEWAY_SCRIPT

A path of a script on the Management Server that will be run on the gateways after the policy installation.

You can add parameters to the script by separating them with spaces. The script should be located in $FWDIR/conf directory, which should only have admin read permissions.

For example: "$FWDIR/conf/gw-script.sh param1 param2 ..."

You can set one custom gateway script for each template.

If you configure Management Data Plane Separation (MDPS), ensure the script is compatible.

 

Refer: https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/CME_Structure_... 

 

Adding this for searchability of CME gateway script examples.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events