I was going through integration of securID RSA Auth. Manager with CheckPoint Cluster (2x5200 NGGW's with 77.30 Gaia on it).
Made one object for checkpoint agent on RSA auth. manager console (with ip of CP cluster). What name i have to put here? There is written to put name of securID agent object in CheckPoint smart dashboard. What is that name (securID server object? or someting else?).
I have configured External user profile with match-all-users option (is this correct? we need to forward all auth request to RSA Auth. manager. In CheckPoint endpoint security vpn client we have three fields (username, PIN and token)). We have one passphrase (PIN and token), for one user. Is this only one factor or two? I am confused here.
I have configured this external user group to be part of new user group securid_user_grupa:
I have put authentication sheme securid for this external user profile:
I have put this user group in remote access community for RAVPN connections:
I have put the same sdconf.rec file on both gw's in cluster (active and standby) on path /var/ace/
Installed policy and authentication does not work, zero packets going from CP cluster to RSA auth. manager.
In vpn debug log files there is error “Access denied - wrong user name or password”.
It is like CP tries to authenticate users in internal user database in MGMT server.
I off course put in GW>>>VPNClient>Auth.>>>auth sheme to securID (chose securID server object).
Do I have to do cpstop/cpstart on gw's to make this work?
Eny suggestion? Maybe I have to change in external user profile type to match by domain?
Do i have to check this box omit domain name when auth. users?
Thanks Everyone for help.
Any help would be appreciated a lot.