This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
cassiomaciel
Contributor
Contributor
‎2023-11-06 06:48 AM
Jump to solution

Fine tuning on tacacs+ authentication

Hi CheckMates,

I've configured tacacs+ on my gateways and it's working properly.

However, when the user type a bad password, the account is locked instantly on AD.

The gateway is retrying the same authentication with bad credentials, until the user got blocked.

I would like to know, if is there any fine tuning on tacacs configuration in the gateways to avoid this problem.

I'm using 2 tacacs servers with 60s of timeout.

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-11-07 12:36 PM
In response to cassiomaciel
Jump to solution

Not sure if it should be trying to authenticate on both TACACS+ servers.
A TAC case is probably warranted here: https://help.checkpoint.com 

View solution in original post

3 Replies
PhoneBoy
Admin
Admin
‎2023-11-06 03:12 PM
Jump to solution

What version/JHF?
What functionality is TACACS+ configured to provide authentication for?

0 Kudos
cassiomaciel
Contributor
Contributor
‎2023-11-07 11:25 AM
In response to PhoneBoy
Jump to solution

Hi,

All gateways are in R81.10 with JHF 95 or JHF 110, also I've a mix of maestro and traditional clusters.

We're using TACACS+ to authenticate users by console via ssh and gaia via https.

We configured the roles TACP-0 with a few features in read-only and some custom commands and TACP-15 with all features in read-write.

On my TACACS+ server, I noticed 2 attempts in a row, coming from the gateway with a difference of 6s or less, the gateway is trying to authenticate on both servers, that result in 4 failed authentications.

Our password policy on AD, block the user with 3 failed attemtps.

is it expected to gateway try authenticate the user twice? Is there any configuration that I can do or is better to open a case with TAC?

 

Preview file
77 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2023-11-07 12:36 PM
In response to cassiomaciel
Jump to solution

Not sure if it should be trying to authenticate on both TACACS+ servers.
A TAC case is probably warranted here: https://help.checkpoint.com 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events