cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

RSA secure ID authentication for checkpoint gateways and Management

when we want to enable secure ID authentication for checkpoint gateways we just need to copy the sdconf.rec file on the gateway on the CLI or do we need to configure through OPsec application also?

Checkpoint R80.10 security management doc says we just need to copy the file. But RSA doc insists to have an OPsec application configuration . can any one confirm on this?

0 Kudos
17 Replies

Re: RSA secure ID authentication for checkpoint gateways and Management

Hi, an OPSEC application object wouldn't be needed for the SecurID configuration. Sounds like you're looking at an RSA doc for their SIEM product integration. Here's a link to RSA's SecurID Integration Guides with Check Point. Would follow this and the Check Point docs. hth, bob

0 Kudos

Re: RSA secure ID authentication for checkpoint gateways and Management

can we enable Radius and SecureID auth together in checkpoint?

0 Kudos

Re: RSA secure ID authentication for checkpoint gateways and Management

RSA Ready Implementation Guide for RSA SecurID Access - RSA Link- This link has more information. Does not talk about whether we can enable both Radius and SecureID together

0 Kudos

Re: RSA secure ID authentication for checkpoint gateways and Management

in the RSA doc, they mentioned to modify the settings in the global propriety :

"Select Manage>Policy>Global Properties.
7. Select Manage>Policy>Global Properties.
8. Select Smart Dashboard Customization from the list of options.
9. Under the Advanced Configuration option, select the Configure button.
10. Select FireWall-1 >Authentication>RADIUS from the left toolbar.
11. Modify the radius ignore setting changing the default value of “0” to “76”."

does this affect other Radius server properties configured on the MGMT

0 Kudos
Admin
Admin

Re: RSA secure ID authentication for checkpoint gateways and Management

This is for authenticating users going through the Security Gateway, not for ones authenticating to it for Gaia SSH/WebUI.

0 Kudos
Admin
Admin

Re: RSA secure ID authentication for checkpoint gateways and Management

Is the RADIUS server in question different from your SecurID server?

Most of the recent SecurID installs I've seen recently integrate through RADIUS instead of using sdconf.rec.

Either way, you should be able to do both.

0 Kudos

Re: RSA secure ID authentication for checkpoint gateways and Management

Agree. is there any advantages using Radius over sdconf.rec

0 Kudos
Admin
Admin

Re: RSA secure ID authentication for checkpoint gateways and Management

As far as I know, no significant differences.

0 Kudos

Re: RSA secure ID authentication for checkpoint gateways and Management

Thanks. have you enabled MFA ( secure ID and Radius )for SSH/WEB logins for security gateways . or will it support?

0 Kudos
Highlighted
Admin
Admin

Re: RSA secure ID authentication for checkpoint gateways and Management

If you want SecurID with SSH or Gaia WebUI, you have to configure it with RADIUS, not sdconf.rec.

The Gaia OS SSH/WebUI does not support the sdconf.rec method.

0 Kudos

Re: RSA secure ID authentication for checkpoint gateways and Management

so If I use RADIUS client ( RSA) will it support both MFA for ssh/WEB?

0 Kudos
Admin
Admin

Re: RSA secure ID authentication for checkpoint gateways and Management

Yes

0 Kudos

Re: RSA secure ID authentication for checkpoint gateways and Management

will checkpoint 1200R Embeded Gaia will support RSA auth with Radius?

0 Kudos
Admin
Admin

Re: RSA secure ID authentication for checkpoint gateways and Management

With RADIUS? Yes.

The sdconf.rec method is not supported on the SMB appliances.

Shinn_Ho
Iron

Re: RSA secure ID authentication for checkpoint gateways and Management

I've tried to use RADIUS(RSA AM) server, the AD user can login into Dashboard/WebUI/CLI with SecurID Access Authenticator, but I've tried using RSA cloud radius authentication, cannot success to do so but SSL VPN and VPN client working fine with MFA(bio/push notification), did Check Point support login Dashboard/WebUI/CLI using RSA cloud radius?

0 Kudos

Re: RSA secure ID authentication for checkpoint gateways and Management

Pretty sure our Dashboard/WebUI/CLI doesn't support the CHALLENGE-RESPONSE needed for MFA. 

0 Kudos

Re: RSA secure ID authentication for checkpoint gateways and Management

finally I used Microsoft NPS as proxy for RSA secure ID and it works for ssh/web logins for checkpoint firewalls

0 Kudos