CP has an online doc to configure - it is for FP3 but should provide enough
guidelines for NGX - the underlying architecture has not changed and if
changed, let us know. Instead of 'generic*' user, you would need an external
user profile...
Here is the link to the doc:
http://dl3.checkpoint.com/paid/6b/msft_active_dir_ckp_ng_fp3.pdf?HashKey=1173098541_144083f43cd7e49a712e7b6218592e83&xtn=.pdf
hth,
Rajeev
On 3/4/07, cisco4ng <cisco4ng AT yahoo DOT com> wrote:
Hi Everyone,
I am wondering if someone has a detailed instructions on how to
make checkpoint firewall NGx R61 with HFA_01 and Microsoft LDAP
for SecureRemote users.
here is my situation:
I have a checkpoint firewall NGx R61 with HFA_01 running on a
Nokia IP380 IP 4.1 build 19. The firewall is managed by a
SmarCenter running on another Nokia IP650 (I know not supported
but this is my lab), also NGx R61 with HFA_01. I have the
checkpoint Account Management license on the SmartCenter.
I can authenticate Securemote Users via Microsoft Radius Server,
Steelbelt Radius Server, TACACS+ Server, RSA SecurID Server.
I use the generic* users and associate that account with either
MS Radius, TACACS+, RSA SecurID server authentication server
and I am set. However, I don't know how to do this with
Microsoft LDAP Server. Sadly, Checkpoint documentation
does not offer much on authentication with LDAP, especially
Microsoft LDAP. I have a standalone Active Directory (AD) Server
running behind the firewall with users on that AD server that I want
to be able to authenticate SecureRemote/client on this AD server.
Can someone help me with this? How do I go about doing this?
Thanks.
cisco4ng
---------------------------------
Finding fabulous fares is fun.
Let Yahoo! FareChase search your favorite travel sites to find flight and
hotel bargains.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
