skandshus
Advisor

Office "hotel" with multiple subnets on Radius

Hello everyone.

 

Looking for some input here on how to proceed, or to verify my thoughts on whether I can be successful.

The story goes:

I have a customer who runs an "office hotel" where multiple small IT companies rent their offices.

Up until now things have been running smoothly, but now the tenants are starting to grow and therefore need their own subnet for servers, printers, site-2-site VPN to Azure/AWS or whatever.

The subnets/VLANs can be created easily and I can assign the client PCs to whatever VLAN from the switches. No problem here.

But the wireless part: if I have to deploy a VLAN per SSID I will go over the limit of 4 SSIDs. Going past that will severely limit the performance. To overcome that issue we can create a RADIUS-based setup and then have only 1 SSID, where you as a user input your username & password, and then you will be assigned your designated VLAN.


So I am hoping someone has done this before, as I am uncertain if the Check Point firewall will "work" in this.

I have a Check Point 1570 model, which is running the DHCP server too.

I also have a Linux box running, where I intend to run the RADIUS part.


Does anybody have any experience deploying this, and will Check Point work with this setup?
I have done it before on a Ubiquiti router, which worked flawlessly, but I don't want to just expect it to work on Check Point, hence my question here, in the hope that somebody is running something like this.


Hardware: Check Point 1570, Ubuntu 22.04 server with RADIUS server (created with local users, NO Active Directory)

Ubiquiti switch & Ubiquiti access point. << This part I have figured out, and have it working in other places.


My thoughts on the connection flow here would be: Endpoint connecting to SSID > Authenticate with username & password > RADIUS server receiving authentication credentials > Accept or drop > If accept > relay DHCP request to Check Point 1570 > Deliver IP address to endpoint from the Check Point

Hoping for someone here having some input to share 

Have a nice day everyone

5 Replies
the_rock
Legend

That might be worth a TAC case, for sure. I never did something like that on a 1570, but a similar setup, but a way higher model.

0 Kudos
skandshus
Advisor

I take it you did it in a Gaia OS instead of in the embedded Gaia?

the_rock
Legend

Correct.

0 Kudos
skandshus
Advisor

Curious about it... did it just work, or did you have any issues deploying or in the everyday? Is the Gaia the DHCP server?

0 Kudos
the_rock
Legend

This was a few years ago mind you, I believe the version was R80.20 and yes, it just worked, did not have any setbacks. That's right, Gaia was used as the DHCP server. Honestly, I don't know how the 1570 would behave, though it sort of goes without saying, I would make sure that you upgrade it to the latest version available.

It would help if you had a small network diagram (just draw something simple in Paint), so we can go over it carefully to make sure nothing is missed.

0 Kudos
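
Added example, not from any poster in this thread: with one SSID, tenant separation rests on the RADIUS server returning the RFC 3580 VLAN attributes for every local user, so this sketch audits a users file for entries that would not land on their tenant's VLAN. The FreeRADIUS-style file layout, the `user@tenant` naming, the tenant names and the VLAN IDs are all assumptions made for illustration.

```python
import re

# Constructed sample in FreeRADIUS "users" file style; names, passwords and VLAN IDs are made up.
SAMPLE_USERS = '''\
alice@tenant-a  Cleartext-Password := "example-only-1"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "110"

carol@tenant-b  Cleartext-Password := "example-only-2"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802
'''

REQUIRED = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802"}  # RFC 3580 values
TENANT_VLANS = {"tenant-a": "110", "tenant-b": "120"}  # assumed tenant-to-VLAN mapping

def parse_users(text):
    """Return {user: {reply attribute: value}} from users-file style text."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():      # an unindented line starts a new user entry
            current = users.setdefault(line.split()[0], {})
        elif current is not None:      # indented lines are reply attributes
            m = re.match(r'\s*([\w-]+)\s*:?=\s*"?([^",]+)"?,?\s*$', line)
            if m:
                current[m.group(1)] = m.group(2).strip()
    return users

def audit(users, tenant_vlans):
    """List (user, problem) for entries that would not land on their tenant's VLAN."""
    findings = []
    for user, attrs in users.items():
        tenant = user.rsplit("@", 1)[-1]
        for name, want in REQUIRED.items():
            if attrs.get(name) != want:
                findings.append((user, f"{name} is not {want}"))
        vlan = attrs.get("Tunnel-Private-Group-Id")
        if vlan is None:
            findings.append((user, "no Tunnel-Private-Group-Id returned"))
        elif vlan != tenant_vlans.get(tenant):
            findings.append((user, f"VLAN {vlan} does not belong to {tenant}"))
    return findings

if __name__ == "__main__":
    for user, problem in audit(parse_users(SAMPLE_USERS), TENANT_VLANS):
        print(user, "->", problem)
```
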