Sharma_Prashant
Participant

LDAP Vs RADIUS Licensing

During the integration, LDAP requires a license but RADIUS does not. What could be the reason?

0 Kudos
2 Replies
Timothy_Hall
Champion

I assume you are referring to the UserDirectory/SmartDirectory blade license for the SMS.  Assuming that you have a license for Identity Awareness (which has been included free of charge since R75) there is no need for a User Directory license on the SMS unless:

1) You are doing a read/write integration between Check Point and LDAP, in other words having the ability to manage and edit users in the LDAP database directly from the Check Point GUI tools.  This is almost never done outside of a lab due to threats of dire physical harm courtesy of your LDAP server administrator, and every LDAP integration I've seen in production is read-only.

2) You are performing an LDAP integration with something other than Microsoft Active Directory (i.e. Netscape, OPSEC, Novell eDirectory, etc).  Pretty rare these days but not unheard of.

3) You are using the legacy User/Session/Client authentication methods (*shudder*) and want to use LDAP credentials with them.

Those are the only use cases for the UserDirectory/SmartDirectory blade license I can recall; if there are others I'm sure someone else will speak up.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Watch My 2023 CPX360 Speech Titled "Max Power
Reloaded: R81+ Gateway Performance Innovations"
0 Kudos
Sharma_Prashant
Participant

Only one question: prior to or up to R75, the R/W permission to the user database was there, right? :)

0 Kudos