charlie
Explorer

Tacacs+ on different port

Hello,

I need to contact the Tacacs server from the Security Gateway on a custom port instead of the default port (49).
The standard steps don't include the option to set the port. Is there a way to change port 49?


Regards,

Charlie

0 Kudos
8 Replies
the_rock
Authority

Are you not able to create custom service and then assign a port to it?

0 Kudos
charlie
Explorer

The source is the firewall that has Tacacs configured, but for some reason we need to change the port from 49 to a new one.
From the firewall I can set the priority, IP and key, but I need to change the port.

0 Kudos
the_rock
Authority

Would you mind sharing a screenshot?

0 Kudos
charlie
Explorer

This is the Checkpoint Tacacs+ server configuration

Tacacs.PNG

I hope that there is a conf file where I can change the default port.

0 Kudos
the_rock
Authority

Ok, got it. Not sure if the link below might help, but maybe someone else can chime in. I know you can change the ssh port easily from /etc/ssh, but I don't see anything in /etc for tacacs, really sorry mate.

 

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

0 Kudos
Timothy_Hall
Champion

It appears the only way to do this is to hack the tacacs service definitions in the /etc/services file from expert mode; I just tried changing the TACACS port to 149, rebooted and it worked. The /etc/services file is not auto-generated upon Gaia system startup so your changes should stick.

However, be sure to document this /etc/services file change as it is likely to get overwritten by a version upgrade or even possibly a Jumbo HFA installation. You'll need to manually check that your port change survived after either of these types of operations.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
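
The post-upgrade check on /etc/services described in the reply above can be scripted. This is an added example, not code from the thread or from Check Point; the function names are hypothetical, the sample file is constructed, and it assumes the standard services(5) line layout.

```shell
#!/bin/sh
# Added example (not from the thread): confirm the TACACS port override in
# /etc/services is still in place, e.g. after an upgrade or Jumbo HFA install.
# Assumption: entries follow "name port/proto [aliases] [# comment]".

# Print "port/proto" for every entry whose service name is exactly "tacacs".
tacacs_ports() {
    awk '$1 == "tacacs" && $2 ~ /^[0-9]+\/(tcp|udp)$/ { print $2 }' "$1"
}

# check_tacacs_port FILE EXPECTED_PORT
#   0 = all tacacs entries use EXPECTED_PORT
#   1 = at least one entry differs (override lost or incomplete)
#   2 = no tacacs entry found
check_tacacs_port() {
    file=$1; want=$2
    found=$(tacacs_ports "$file")
    if [ -z "$found" ]; then
        echo "no tacacs entry in $file" >&2
        return 2
    fi
    rc=0
    for entry in $found; do
        if [ "${entry%%/*}" != "$want" ]; then
            echo "DRIFT: tacacs $entry, expected port $want" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the tcp entry carries the override (149, the port
# tested in the thread), the udp entry is back at the default 49.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real Gaia /etc/services
tacacs          149/tcp         # custom port
tacacs          49/udp
tacacs-ds       65/tcp
EOF
}

sample=$(mktemp)
write_sample "$sample"
if check_tacacs_port "$sample" 149; then
    echo "tacacs override intact"
else
    echo "tacacs override needs attention"
fi
rm -f "$sample"
```

On a gateway, point `check_tacacs_port` at `/etc/services` with the documented custom port after each upgrade or hotfix installation.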
charlie
Explorer

Thanks!!!

I'm going to discuss with the team whether we really need to perform this change or can avoid it.

Regards

0 Kudos
the_rock
Authority

Thanks Tim, that's good to know!!

0 Kudos