Sharma_Prashant
Participant

LDAP Vs RADIUS Licensing

During the integration, LDAP requires a license but RADIUS does not... what could be the reason?

0 Kudos
2 Replies
Timothy_Hall
Champion

I assume you are referring to the UserDirectory/SmartDirectory blade license for the SMS.  Assuming that you have a license for Identity Awareness (which has been included free of charge since R75) there is no need for a User Directory license on the SMS unless:

1) You are doing a read/write integration between Check Point and LDAP, in other words having the ability to manage and edit users in the LDAP database directly from the Check Point GUI tools.  This is almost never done outside of a lab due to threats of dire physical harm courtesy of your LDAP server administrator, and every LDAP integration I've seen in production is read-only.

2) You are performing an LDAP integration with something other than Microsoft Active Directory (i.e. Netscape, OPSEC, Novell eDirectory, etc).  Pretty rare these days but not unheard of.

3) You are using the legacy User/Session/Client authentication methods (*shudder*) and want to use LDAP credentials with them.

Those are the only use cases for the UserDirectory/SmartDirectory blade license I can recall; if there are others I'm sure someone else will speak up.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Sharma_Prashant
Participant

Only one question... prior to or up to R75, the R/W permission to the user database was there... right? :)

0 Kudos
