Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] SecurID Config

from Erin Young [Permanent Link]
Subject: Re: [FW-1] SecurID Config
From: Erin Young <y_erin AT HOTMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 29 Jun 2006 13:04:26 +0000
Before I do the below - is Native mode or Radius mode easier to impliment? Right now I am trying Native mode. 



From: Erin Young <y_erin AT HOTMAIL DOT COM>
Reply-To: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM> 
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] SecurID Config
Date: Thu, 29 Jun 2006 11:44:46 +0000
I am now recieving the message ACEAGENT: The message entry does not exist for Message ID: 1008. The solution is to modify the table.def file so the communication on port 5500 between the fw interface and the ACE server is not hide natted behind the VIP. The rediculous thing is that I have to remember to add the entry every time I apply a hotfix to the management server. I'll see if it works. 



From: cisco4ng <cisco4ng AT YAHOO DOT COM>
Reply-To: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM> 
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] SecurID Config
Date: Wed, 28 Jun 2006 19:27:40 -0700

Hi,
The problem with Radius to proxy the auth requesto RSA is that you need a 
  Radius server to do this.  Furthermore, RSA ACE Server also comes with
  native radius so you don't really need to another radius box for proxy.
The problem with this solution is that radius is supported for P-1 authentication 
  in NGx R60 or higher.  It is NOT supported for NG with AI or lower.

  My 2c.

"Larson, Todd (LNG-DAY)" <Todd.Larson AT LEXISNEXIS DOT COM> wrote:
  Have you thought about using Radius to proxy the auth request to RSA,
it's much easier.


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Erin
Young
Sent: Wednesday, June 28, 2006 11:59 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] SecurID Config

I've tried the method using the vip defined in the agent host and no
luck,
so i am know going to the next method, a seperate agent host for each of
the
Nokia's. I have two sets of documentation from checkpoint and one does
not
state anyhting about generating the node secret file for the agent host
while the other one does. Which is correct?

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================



---------------------------------
How low will we go? Check out Yahoo! Messenger?s low PC-to-Phone call rates. 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [FW-1] Public addresses on the inside..., Jason Ebersole
Next by Date:  Re: [FW-1] Public addresses on the inside..., Neil Kemp
Previous by Thread:  Re: [FW-1] SecurID Config, Erin Young
Next by Thread:  [FW-1] Provider-1 admin Authentication with SecureID, Dahate, Pramod, VF-AU
Indexes:  [Date] [Thread] [Top] [All Lists]