RADIUS Authentication over Site-to-Site VPN

I have set up a Radius Server to authenticate remote-access VPN clients. The Radius server is located at a remote site connected via Site-to-Site VPN on the same gateway the clients connect to.

Authentication fails because the request to the Radius server does not go through the VPN tunnel. Logs show traffic is accepted by an implied rule and consequently not encrypted.

Accepted Solutions
Admin
You need to disable the implied rule for RADIUS.
You can do that by editing the appropriate implied_rules.def, ensuring explicit rules exist for RADIUS where needed and installing policy.
Refer to: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

2 Replies
Thanks. I couldn't figure out where to disable the implied rule.
We've established communication with the Radius server now.