ganeshan_dharm1
Participant

RSA SecurID authentication for Check Point gateways and Management

When we want to enable SecurID authentication for Check Point gateways, do we just need to copy the sdconf.rec file onto the gateway via the CLI, or do we also need to configure it through an OPSEC application?

The Check Point R80.10 security management doc says we just need to copy the file, but the RSA doc insists on having an OPSEC application configuration. Can anyone confirm this?

0 Kudos
17 Replies
DeletedUser
Not applicable

Hi, an OPSEC application object wouldn't be needed for the SecurID configuration. Sounds like you're looking at an RSA doc for their SIEM product integration. Here's a link to RSA's SecurID Integration Guides with Check Point. Would follow this and the Check Point docs. hth, bob

0 Kudos
ganeshan_dharm1
Participant

Can we enable RADIUS and SecurID auth together in Check Point?

0 Kudos
ganeshan_dharm1
Participant

RSA Ready Implementation Guide for RSA SecurID Access - RSA Link: this link has more information. It does not talk about whether we can enable both RADIUS and SecurID together.

0 Kudos
ganeshan_dharm1
Participant

In the RSA doc, they mention modifying the settings in the Global Properties:

"7. Select Manage>Policy>Global Properties.
8. Select Smart Dashboard Customization from the list of options.
9. Under the Advanced Configuration option, select the Configure button.
10. Select FireWall-1 >Authentication>RADIUS from the left toolbar.
11. Modify the radius ignore setting changing the default value of “0” to “76”."

Does this affect other RADIUS server properties configured on the MGMT?

0 Kudos
PhoneBoy
Admin

This is for authenticating users going through the Security Gateway, not for ones authenticating to it for Gaia SSH/WebUI.

0 Kudos
PhoneBoy
Admin

Is the RADIUS server in question different from your SecurID server?

Most of the recent SecurID installs I've seen recently integrate through RADIUS instead of using sdconf.rec.

Either way, you should be able to do both.

0 Kudos
ganeshan_dharm1
Participant

Agree. Are there any advantages to using RADIUS over sdconf.rec?

0 Kudos
PhoneBoy
Admin

As far as I know, no significant differences.

0 Kudos
ganeshan_dharm1
Participant

Thanks. Have you enabled MFA (SecurID and RADIUS) for SSH/Web logins for security gateways, or will it support it?

0 Kudos
PhoneBoy
Admin

If you want SecurID with SSH or Gaia WebUI, you have to configure it with RADIUS, not sdconf.rec.

The Gaia OS SSH/WebUI does not support the sdconf.rec method.

0 Kudos
ganeshan_dharm1
Participant

So if I use a RADIUS client (RSA), will it support MFA for both SSH and Web?

0 Kudos
PhoneBoy
Admin

Yes

0 Kudos
ganeshan_dharm1
Participant

Will the Check Point 1200R with Embedded Gaia support RSA auth with RADIUS?

0 Kudos
PhoneBoy
Admin

With RADIUS? Yes.

The sdconf.rec method is not supported on the SMB appliances.

Shinn_Ho
Participant

I've tried using a RADIUS (RSA AM) server, and the AD user can log in to Dashboard/WebUI/CLI with SecurID Access Authenticator. But I've also tried RSA cloud RADIUS authentication and could not get it to work, although SSL VPN and the VPN client are working fine with MFA (bio/push notification). Does Check Point support logging in to Dashboard/WebUI/CLI using RSA cloud RADIUS?

0 Kudos
DeletedUser
Not applicable

Pretty sure our Dashboard/WebUI/CLI doesn't support the CHALLENGE-RESPONSE needed for MFA. 

0 Kudos
ganeshan_dharm1
Participant

Finally, I used Microsoft NPS as a proxy for RSA SecurID and it works for SSH/web logins for Check Point firewalls.

0 Kudos
