This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JasonLaFrance
Explorer
‎2024-07-24 11:27 AM

RAIDUS to 9000 series LOM

We are setting up RADIUS from a 9100 LOM (R81.20 Take 65 Recommended)

LOM details: Hardware Revision 1.0
Firmware Version 7.12.1 (latest)
Firmware Build Time
 Feb 16 2024 | 11:50:40 CST
LOM Board IAC-AST2500

Our Policy server gets the request approves it and, on the response, back the LOM does not seem to know what to do with it and get a login denied.

Based on this guide we have setup correctly: Introduction (checkpoint.com)

But what is missing as a reply back from the RADIUS server is the privilege level.  In the Java guide there is note on how to configure that using:

  1. On the RADIUS server, set Reply-Message for the privilege for each user in the User file. Otherwise, LOM rejects the user account. The parameter in the file that defines privileges for LOM user is: Reply-Message = "privilege=<LEVEL>". Make sure that there are no blank spaces in the privilege parameter.

    The privilege levels are:

    Administrator Operator

    No-Access (user cannot log in to LOM)

    Sample parameter for a user with administrator privileges:

    Reply-Message = "privilege=AdministratorUser Settings (checkpoint.com)

However, there is no such setting called out for the HTML5 guide.  We tried using "privilege=Administrator" (with and without quotes) no avail.  We do see the RADUIS server accepting and approving the request.

A ticket is into support but wondering if anyone else has been successful.

 
0 Kudos
3 Replies
RafaelBedendo
Explorer
‎2024-07-25 01:21 PM

If you use Windows (NPS) for RADIUS authentication, check if you have KB5040268 or KB5040430, if yes, your issue may be fixed with a hotfix on top of R81.20 JHF 65 via TAC

Bug ID is PRHF-35233

0 Kudos
Robert_online
Explorer
‎2025-02-21 07:01 AM

Is there any update from support? 
We are having the same issue.

0 Kudos
Robert_online
Explorer
‎2025-02-21 07:25 AM

I've got it working with the "Reply-Message = privilege=Administrator"
It is not documented in the HTML5 indeed. Thanks for your post as it got me trying this option.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top