This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ayoub_Boudegga
Explorer
‎2018-06-28 07:00 AM

R80 : Tacacs in VPN

Hello Guys,

I want to set up tacacs authentication IN VPN , if someone from X network tries to connect to checkpoint Firewall (Gaia or Clish) in Site A , the firewall connect to  an ACS Server in Site B to authenticate him , how can i do that ?

0 Kudos
2 Replies
Houssameddine_1
Collaborator
‎2018-06-28 07:19 AM

You might need to follow these steps:

- Configure GAIA OS to authenticate against your tacacs server using cli or webui

- Configure the site to site vpn between the gateways and make sure that the tacacs server is part of the encryption domain

- The tricky part any traffic matches implied rules will not be encrypted you might do the following:

       - In global properties set the "Accepte outgooing packets originating from gateway to be before last"

       - if the above option doesn't work you might need to to disable tacacs in implied_rules.def file on the mgmt server and create rule o allow the firewall to access the tacacs server and push policy

Thanks

0 Kudos
Ayoub_Boudegga
Explorer
‎2018-06-28 09:03 AM
In response to Houssameddine_1

thank you for answering , yes this is the issue  , the traffic toward my ACS is not encrypted  .

I swicth to Radius and i can seee that traffic is now encrypted , authentication doesnt work but its progress Smiley Happy . thank you 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events