Hi,
I was playing with 802.1x once in the past. My setup was
- Cisco 29XX series switch
- Integrity server (configured as RADIUS proxy)
- MS IAS/DC server acting as RADIUS/AD server for authenticating users
It took more than 30 seconds for the compliant client to become part of the
compliant production VLAN, which was too long for me at that moment. The
problem is in the architecture:
The Integrity client first needs IP connectivity with the Integrity server for the
compliancy checking process. This means that the client is first associated with
the quarantine VLAN (one DHCP pool), checked with the Integrity server for compliancy
(heartbeat) and later moved to the production VLAN.
Cisco NAC is working much quicker on that level, because it uses RADIUS for
compliancy checking...
If someone else has different experiences, I'm interested in info too.
Regards
Andrej
________________________________
From: Mailing list for discussion of Firewall-1 on behalf of Michael
Schwartzkopff
Sent: Tue 9/26/2006 12:20
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Integrity anyone?
Hi,
Anyone using Integrity? Could you please share your experiences.
How is 802.1x integration with Windows logon?
What technology does Integrity use for 802.1x integration? RADIUS?
How does it scale (>> 1000 users)?
How is high availability: load sharing or round robin? How does the client
know what the "closest, fastest" Integrity server is?
What OS is preferred for the server? Linux or Win?
What possibilities exist to have PCs with the Integrity client and clientless
PCs in the same net?
Thanks for hints.
Michael
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================