dannylirizarry
Explorer

Check Point dropping Radius Packets from Server back to Controller

I am currently configuring two Aruba 505 IAPs to use RADIUS authentication with our AD. The virtual controller and the server are found in separate VLANs, with the Check Point firewall between them. We observed, using tcp dumps and Wireshark, that the RADIUS packets sent by the controller would travel through the firewall and make it to the server, but the controller would never receive an access allow or deny message from the server. In other words, the RADIUS packets sent by the server to the controller were lost, with no logs from the firewall.

To confirm that the controller and server RADIUS configuration were correct, we temporarily moved the APs and controller to the server network segment to bypass the firewall. When in the same segment, the RADIUS authentication was working just fine between them.

Creating an IPsec tunnel between the controller and server is out of the equation, since the client desires traffic between the two to be visible by the firewall. I have confirmed that the firewall Allows IP Fragments to go through, since I saw that others had this issue with RADIUS.

The controller and server can communicate with each other through the firewall using ping. We are using a 5000 appliance with Gaia OS R80.30.

Any help would be greatly appreciated, thanks!

0 Kudos
1 Reply
HeikoAnkenbrand
Champion

Hi @dannylirizarry,

1) Can you see anything in the firewall logs?

2) Is the routing okay?

3) Are packets dropped by the firewall?
# fw ctl zdebug drop | grep <aruba ip>

4) What can be seen with:
# fw monitor -e "accept(host=<aruba ip>);"

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
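
The comparison described in the question (requests reach the server, replies never reach the controller) can be checked mechanically from two tcpdump text captures, one taken on each side of the firewall. This is an added example, not part of the original posts; the addresses, ports and capture lines are constructed, and the line format assumed is tcpdump's one-line RADIUS summary.

```python
import re
from collections import defaultdict

# Constructed sample captures (not from the thread): controller 10.10.20.5, server 10.10.30.10.
SERVER_SIDE = """\
12:00:01.000100 IP 10.10.20.5.49152 > 10.10.30.10.1812: RADIUS, Access-Request (1), id: 0x2a length: 180
12:00:01.004200 IP 10.10.30.10.1812 > 10.10.20.5.49152: RADIUS, Access-Accept (2), id: 0x2a length: 96
12:00:05.000100 IP 10.10.20.5.49153 > 10.10.30.10.1812: RADIUS, Access-Request (1), id: 0x2b length: 180
12:00:05.003900 IP 10.10.30.10.1812 > 10.10.20.5.49153: RADIUS, Access-Reject (3), id: 0x2b length: 44
12:00:09.000100 IP 10.10.20.5.49154 > 10.10.30.10.1812: RADIUS, Access-Request (1), id: 0x2c length: 180
"""
CONTROLLER_SIDE = """\
12:00:01.000000 IP 10.10.20.5.49152 > 10.10.30.10.1812: RADIUS, Access-Request (1), id: 0x2a length: 180
12:00:05.000000 IP 10.10.20.5.49153 > 10.10.30.10.1812: RADIUS, Access-Request (1), id: 0x2b length: 180
12:00:09.000000 IP 10.10.20.5.49154 > 10.10.30.10.1812: RADIUS, Access-Request (1), id: 0x2c length: 180
"""

# Endpoints, RADIUS code name and packet identifier from one tcpdump summary line.
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"RADIUS, (?P<code>Access-\w+) \(\d+\), id: (?P<id>0x[0-9a-f]+)"
)
REPLIES = {"Access-Accept", "Access-Reject", "Access-Challenge"}

def exchanges(capture):
    """Map (client_ip, client_port, radius_id) -> RADIUS codes seen at this capture point."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        # A reply is matched to its request by the client's address, source port and id.
        is_request = m["code"] == "Access-Request"
        client = (m["src"], m["sport"]) if is_request else (m["dst"], m["dport"])
        seen[client + (m["id"],)].add(m["code"])
    return seen

def lost_replies(server_side, controller_side):
    """Replies the server sent that never appear in the controller-side capture."""
    srv, ctl = exchanges(server_side), exchanges(controller_side)
    lost = []
    for key, codes in sorted(srv.items()):
        missing = (codes & REPLIES) - ctl.get(key, set())
        lost.extend((key, code) for code in sorted(missing))
    return lost

if __name__ == "__main__":
    for (ip, port, rid), code in lost_replies(SERVER_SIDE, CONTROLLER_SIDE):
        print(f"{code} id {rid} to {ip}:{port} left the server but never arrived")
```

A request the server never answered (id 0x2c in the sample) is not reported, which separates a server-side problem from a reply dropped in the path.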
