Laurence_Curlin
Explorer

Radius Authentication on VMSS

Hi

 

I have an issue where I am trying to configure RADIUS auth on the firewalls that will be replicated during a scale-out event. Is this possible?

I have considered the possibility of simply adding the clish commands to the autoprov script. Could this work? Any help will be greatly appreciated.

 

Thank you in advance, 


Accepted Solutions
AyGit
Contributor

Hi,

Try this:

  1. Create a script on the SMS --> vi $FWDIR/conf/autoscaling-new-instance.sh
  2. Add the lines below to the shell script:

    #!/bin/bash
    # Register the RADIUS server; replace <@IP> and <SHARED-SECRET> with real values.
    clish -c 'add aaa radius-servers priority 1 host <@IP> port 1812 secret <SHARED-SECRET> timeout 30'
    # Default shell and superuser UID for RADIUS-authenticated users.
    clish -c 'set aaa radius-servers default-shell /bin/bash'
    clish -c 'set aaa radius-servers super-user-uid 0'

  3. Assign the execute permission to the shell script --> chmod u+x $FWDIR/conf/autoscaling-new-instance.sh
  4. Configure CME and set the relevant template to use this script --> autoprov_cfg set template -tn <CONFIGURATION-TEMPLATE-NAME> -cg $FWDIR/conf/autoscaling-new-instance.sh

You can add other commands to the script for automation purposes.

Regards

Laurence_Curlin
Explorer

Absolutely awesome, thank you very much for that information, I have been searching for ages for clear concise instructions like that.

Chris_Atkinson
Employee

Parameter: -cg
Value: CUSTOM_GATEWAY_SCRIPT
Description: A path of a script on the Management Server that will be run on the gateways after the policy installation.

You can add parameters to the script by separating them with spaces. The script should be located in $FWDIR/conf directory, which should only have admin read permissions.

For example: "$FWDIR/conf/gw-script.sh param1 param2 ..."

You can set one custom gateway script for each template.

If you configure Management Data Plane Separation (MDPS), ensure the script is compatible.

 

Refer: https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/CME_Structure_... 

 

Adding this for searchability of CME gateway script examples.

CCSM R77/R80/ELITE
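
One way to check the gateway script from the accepted answer before attaching it with -cg, as an added example (not from the thread and not a Check Point tool): because the script stores the RADIUS shared secret in clear text, it flags group/other access, a missing owner execute bit, unfilled placeholders such as <@IP>, and server entries lacking a secret value or timeout. The function name check_gw_script, the chmod 700 recommendation and the sample host and secret are assumptions made for the example.

```bash
#!/bin/bash
# Added example: pre-flight check for a CME custom gateway script before it is
# attached to a template with -cg. check_gw_script is a hypothetical helper name.
check_gw_script() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "FAIL: $f is not a regular file"; return 1; }

    # The script holds the RADIUS shared secret in clear text, so group and
    # other must have no access (columns 5-10 of the ls mode string).
    mode=$(ls -ld -- "$f" | cut -c1-10)
    if [ "$(printf '%s\n' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $mode grants group/other access; use chmod 700"
        rc=1
    fi
    # Step 3 of the answer: the owner needs the execute bit.
    if [ "$(printf '%s\n' "$mode" | cut -c4)" != "x" ]; then
        echo "FAIL: $mode lacks owner execute; use chmod u+x"
        rc=1
    fi
    # Template placeholders such as <@IP> must be filled in before rollout.
    if grep 'clish' "$f" | grep -q '<[^>]*>'; then
        echo "FAIL: unfilled <placeholder> in a clish command"
        rc=1
    fi
    # Every server entry needs "secret VALUE timeout N"; a dropped value or a
    # misspelt keyword leaves new instances without working RADIUS login.
    if grep 'radius.servers priority' "$f" |
        grep -Evq 'secret +[^ ]+ +timeout +[0-9]+'; then
        echo "FAIL: server entry without 'secret VALUE timeout N'"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $f"
    return "$rc"
}

# Pass a script path, or run with no argument to check a constructed sample
# (192.0.2.10 and EXAMPLE-ONLY are made-up values).
if [ "$#" -gt 0 ]; then
    check_gw_script "$1"
else
    sample=$(mktemp)
    printf '%s\n' '#!/bin/bash' "clish -c 'add aaa radius-servers priority 1 \
host 192.0.2.10 port 1812 secret EXAMPLE-ONLY timeout 30'" > "$sample"
    chmod 700 "$sample"
    check_gw_script "$sample"
    rm -f "$sample"
fi
```

Run it on the Management Server against $FWDIR/conf/autoscaling-new-instance.sh after editing the script and before running autoprov_cfg.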