Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Explorer

RADIUS accounting not sent

Hi,

I use ISE radius server for authentication for VPN users. I setup radius accounting in Identity awareness tab of the gateway. When I do the wireshark I cant see any accounting messages sent from check point to ise. Is it normal behaviour or bug?

thank you 

0 Kudos
5 Replies
Highlighted
Employee++
Employee++

The use case for Radius Accounting here is reversed.

Cisco would send Acct to CP and we would read user ID mappings from these records.

0 Kudos
Highlighted
Advisor

I don't think that is correct. I don't think there is any flow that starts with a radius server communicating with the client (checkpoint). Also what you're describing sounds more like authentication reply traffic and not accounting.

0 Kudos
Highlighted
Advisor

I don't think checkpoint generates accounting packets vpn sessions.

Phoneboy said this  

0 Kudos
Highlighted
Employee++
Employee++

In the context of Identity awareness this is how it works but this is not what the OP is trying to achieve.

0 Kudos
Highlighted
Admin
Admin

What you're setting up in the Identity Awareness tab of the gateway is what identity sources are being consumed.
We do consume RADIUS Accounting messages from other sources, but do not send them.

0 Kudos