Radius on SMB

velo · ‎2025-07-02

I have Quantum SMB Gateways that are centrally managed (81.10.10 on Gateways) All Gateways Have a VPN back to the DC. I have a Radius is in the DC.

The problem I'm having is Radius requests originating from the firewall leave via public. As the VPNs are policy-based there are no routes on the Gateway for the DC.

I have found the below article

https://support.checkpoint.com/results/sk/sk119415

Option 1 is not there for me. Option 2 doesn't work (I add the route for a /32 to Radius but I can't ping it, or Radius doesn't work) If I do an extended ping with the LAN as source then it works fine.

Are there any other ways around this? Most other vendors have "source interface" settings for Radius, SNMP etc.

Thanks

PhoneBoy · ‎2025-07-02

The first option isn't there because your SMB device is centrally managed.
Can you confirm the kernel variable is set with fw ctl get int fw_enc_conns_use_internal?
It should return a 1 if it is set,

Note that the command to set it is transient (meaning if the unit reboots, the change is lost).
To make it permanent, follow the procedure here: https://sc1.checkpoint.com/documents/SMB_R81.10.X/CLI/EN/Content/Topics/kernel-parameter.htm

velo · ‎2025-07-03

That makes sense about centrally managed. Let me double check the variable and will come back to you. Thanks

Are you a member of CheckMates?

Radius on SMB