Hello Team,
I was going through integration of securID RSA Auth. Manager with CheckPoint Cluster (2x5200 NGGW's with 77.30 Gaia on it).
Made one object for checkpoint agent on RSA auth. manager console (with IP of CP cluster). What name do I have to put here? It is written to put the name of the securID agent object in CheckPoint smart dashboard. What is that name (securID server object, or something else)?
![name of rsa agent object](/legacyfs/online/checkpoint/67072_securID server name.png)
I have configured External user profile with match-all-users option (is this correct? We need to forward all auth requests to RSA Auth. manager. In CheckPoint endpoint security vpn client we have three fields (username, PIN and token)). We have one passphrase (PIN and token), for one user. Is this only one factor or two? I am confused here.
![external user group - generic*](/legacyfs/online/checkpoint/67073_external user group.png)
I have configured this external user group to be part of new user group securid_user_grupa:
![external user profile as part of user group](/legacyfs/online/checkpoint/67074_external user group1.png)
I have put authentication scheme securid for this external user profile:
![external user profile authentication scheme](/legacyfs/online/checkpoint/67075_external user profile authentication.png)
I have put this user group in remote access community for RAVPN connections:
![remoteaccess community with securid user group in it](/legacyfs/online/checkpoint/67076_remoteaccess community.png)
I have put the same sdconf.rec file on both gw's in cluster (active and standby) on path /var/ace/
Installed policy and authentication does not work, zero packets going from CP cluster to RSA auth. manager.
In vpn debug log files there is error “Access denied - wrong user name or password”.
It is like CP tries to authenticate users in internal user database in MGMT server.
I of course put in GW>>>VPNClient>Auth.>>>auth scheme to securID (chose securID server object).
Do I have to do cpstop/cpstart on gw's to make this work?
Any suggestions? Maybe I have to change in external user profile type to match by domain?
![external user profile details](/legacyfs/online/checkpoint/67077_external user profile details.png)
Do I have to check this box, "omit domain name when auth. users"?
Thanks Everyone for help.
Any help would be appreciated a lot.