Hi All,
I have over 500+ Nokia firewalls Checkpoint
firewalls NG Feature Pack 3 with HFA_325 on
IPSO 3.5, 3.7.1 or 3.9 and NGx R61 with HFA_01
on IPSO 4.1. Currently everyone who log into
the Nokia Enforcement Module is sharing the
"admin" account.
With the new Payment Creditcard Industry (PCI),
compliance, this is not acceptable. They want
everyone who access the Nokia must have unique
ID account, NO shared account.
Since IPSO implementation of AAA is very poorly.
In other words, the account(s) that residing
on AAA server must also resides on the local
account as well, which is not a very scalable.
Furthermore, it does NOT have AAA accounting.
SPLAT has limited support for Radius authentication
but the "expert" mode is still "shared" password and
no accounting either.
Anyone having similar issues with this and
how do you resolve this problem and make it PCI
compliance?
Thanks.
---------------------------------
Sucker-punch spam with award-winning protection.
Try the free Yahoo! Mail Beta.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
