Yeah, we tried the same thing here and gave it up. Of course that
was on ver 4.0 and I haven't tried it again on 4.1 SP1...I ended up
implementing Tacacs...and bought some Ace servers and doing
the token thing with sdtacplus...It works...not pretty...but it works...
- BK

On 21 Jun 2000, at 16:21, Carric Dooley wrote:
>
> I don't think anyone has answered the question you asked yet...
>
> There is a way (supposedly) to proxy RADIUS
> requests through FW-1. It is documented on phoneboy.com, and it involves
> setting up a user "generic*". I was trying to do this and have admin
> users with user ids on the firewall (which should have requested the
> password only from the RADIUS server) and then generic users (with a
> different policy) authenticate via "generic*" where in theory the
> whole ID and password would be passed on. I could not get it to work, and
> could not get much more than "No one has ever asked that, and I DON'T
> think it will work" from tech support (checkpoint and SecureIT).
>
> It was frustrating, and we just decided to pass the protocol instead of
> trying to pass the authentication token.
>
>
> Carric Dooley CNE
> COM2:Interactive Media
> http://www.com2usa.com
>
> "Luck is the residue of design."
> - Branch Rickey - former owner of the Brooklyn Dodger Baseball Team
>
> On Wed, 21 Jun 2000 [EMAIL PROTECTED] wrote:
>
> >
> >
> > To all,
> >
> > Does FW-1 support a plugin to forward external RADIUS requests to an
> > internal server? For example, suppose there is a box out on the Internet
> > which authenticates users via RADIUS and I want to proxy those RADIUS
> > requests through the firewall to an internal RADIUS server. Now the
> > answer is not to open up UDP port 1645 and 1646, so that the external box
> > can talk to the internal server directly, but rather through a proxy on the
> > firewall.
> >
> > Thanks,
> >
> > John
> >
> >
> >
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================
> >