SenpaiNoticed_U
Employee

I would not set radius_retrant_timeout to 15 seconds if you have radius_connect_timeout at 40, with the number of servers and server attempts you have set.


I would do this.

  • 120 seconds (for auth, radius_user_timeout)
  • 2 re-attempts per server (radius_retrant_num)
  • 40 seconds total, for the whole auth attempt (radius_connect_timeout)
  • 5 seconds per server (radius_retrant_timeout)


This would give each server 3 attempts of communication, each 5 seconds apart,
meaning server 1 would get 15 seconds of attempt time before moving on to the 2nd server.
The 2nd server would get its 3 attempts over another 15 seconds,
totaling 30 seconds out of the 40 seconds that is permitted (radius_connect_timeout).

So you would see a tcpdump like this if both servers are failing
(in seconds):
00s source >>> destination_server1
05s source >>> destination_server1
10s source >>> destination_server1
15s source >>> destination_server2
20s source >>> destination_server2
25s source >>> destination_server2

Note that 5 seconds per server may need adjusting based on your environment's needs, and you have to adjust as needed.


Follow this train of thought:
Number of Radius servers + (1+radius_retrant_num) + radius_retrant_timeout = radius_connect_timeout +10 extra seconds
Example
2 servers + (1+2) + 5 = X +10 extra seconds
2 + (3) + 5 = X +10 extra seconds
X = 30 + 10 extra seconds
radius_connect_timeout = 40

*Note: (radius_retrant_num)
You can set this to zero, and the gateway will still attempt once.
(radius_retrant_num) is more a value for re-attempts, so it's 1 + # of retries.


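The timing described in the post above, as an added example (not part of the original post and not Check Point code): it lays out when each attempt is sent and which attempts fall outside radius_connect_timeout, for the suggested 5-second value and for the 15-second value the post advises against. It assumes the gateway tries servers strictly in order, waits radius_retrant_timeout after every send, and abandons the authentication once radius_connect_timeout is reached; the function names, and the use of 2 servers and 2 re-attempts for the 15-second case, are assumptions.

```python
def radius_schedule(servers, retrant_num, retrant_timeout, connect_timeout):
    """Return (sent, seconds_needed, never_sent) for one failed auth attempt.

    sent:           (second, server) sends that start inside connect_timeout
    seconds_needed: time required for every server to get all its attempts
    never_sent:     (second, server) sends that fall outside the window
    """
    attempts_per_server = 1 + retrant_num   # first try plus the re-attempts
    sent, never_sent = [], []
    t = 0
    for server in servers:
        for _ in range(attempts_per_server):
            # Assumption: nothing is sent once connect_timeout has elapsed.
            (sent if t < connect_timeout else never_sent).append((t, server))
            t += retrant_timeout            # wait before the next send
    return sent, t, never_sent


def as_capture_lines(sent):
    """Format sends the way the post sketches its tcpdump output."""
    return [f"{t:02d}s source >>> {server}" for t, server in sent]


def report(label, servers, retrant_num, retrant_timeout, connect_timeout):
    sent, needed, never_sent = radius_schedule(
        servers, retrant_num, retrant_timeout, connect_timeout)
    print(f"{label}: needs {needed}s of {connect_timeout}s allowed")
    for line in as_capture_lines(sent):
        print("  " + line)
    for server in sorted({s for _, s in never_sent}):
        missed = sum(1 for _, s in never_sent if s == server)
        print(f"  {server}: {missed} attempt(s) never sent")


if __name__ == "__main__":
    # Constructed sample input: server names follow the post's tcpdump sketch.
    servers = ["destination_server1", "destination_server2"]
    report("5s per attempt", servers, retrant_num=2,
           retrant_timeout=5, connect_timeout=40)
    report("15s per attempt", servers, retrant_num=2,
           retrant_timeout=15, connect_timeout=40)
```

Under these assumptions the 15-second setting spends the whole 40-second window on the first server, so the second server is never contacted.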