Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] SecurID Authentication

from Reinhard Stich [Permanent Link]
Subject: Re: [FW-1] SecurID Authentication
From: Reinhard Stich <r.stich AT INTERNET-SECURITY DOT AT>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 28 Jul 2005 15:44:40 +0200 
hi,

maybe you can try to use radius as a workaround ...?

and check if DNS-resolving works for the hosts (firewall and ace-server)

cheers
reinhard

At 15:07 28.07.2005, you wrote:

Hi Steven,

something obvious:
Do you have configured the user to do SecureID authentication and installed policy afterwards? 

Have you created the sdopts.rec file as Loge wrote?
What about Rules? RSA-Authentication is 5500/udp and 5510/tcp. Dropped by Rule?? ;-) 

The other obviuos: What's written in the logs on the RSA-Server?

Regards
Torsten Goedicke

> -----Ursprüngliche Nachricht-----
> Von: Steven Leow
> Gesendet: Donnerstag, 28. Juli 2005 06:26
> An: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Betreff: Re: [FW-1] SecurID Authentication
>
>
> I'm still unable to login... Any idea?
>
> Steps done:
> - I have added the Client in the RSA server for the cluster
> and cluster members
> - Copied the file into both cluster member /var/ace
> - cpstop and cpstart...
>
>
>
>
> Loge VK <logevk AT GMAIL DOT COM> wrote:
> apart from copying file to /var/ace directory on ur linux enforcement
> module create another file sdopts.rec having contents as
> CLIENT_IP= where is the IP address of the interface of
> firewall with which u want to talk to RSA server. CP has problems
> specifically in *nix platforms if u don't have this file......
>
> -Loge
>
> On 7/26/05, Steven Leow wrote:
> > Hi,
> >
> > I have a windows management server and linux-based
> enforcement module with clustering. I'm trying to setup the
> RSA authentication. On the RSA server, should i add the agent
> host for management server or the enforcement module? And the
> sdconf.rec file, i should copy where?
> >
> > Thanks!
> > Leow
> >

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


--
Reinhard Stich  ASSIST  R.Stich AT internet-security DOT at
Internet Security AG,      1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] Using SecureClient through Linksys Firewall, ross . bushby
Next by Date:  Re: [FW-1] Using SecureClient through Linksys Firewall, Scott Chason
Previous by Thread:  [FW-1] AW: [FW-1] SecurID Authentication, FWAdmin
Next by Thread:  [FW-1] remote access communities, Gary Scott
Indexes:  [Date] [Thread] [Top] [All Lists]