RE: [FW1] SecurID and Checkpoint

Thu, 20 Sep 2001 03:55:39 -0700 


Is this for Securemote/Secureclient access?  This comes straight from the
SecureKnowledge Base:

Solution: How to Implement SecurID with FireWall-1 (36.0.1461512.2500572) 
FireWall-1 software uses the standard client library of the ACE/Server. The
FireWall-1 needs to be defined as a standard ACE UNIX Client. 

UNIX :
---------
You have to prepare the FireWalled machine as a client, as per the
ACE/Server Instruction Manual, Section I-6, Prepare clients: "copy
sdconf.rec from the master's /var/ace to /var/ace directory made on the
client". The sdconf.rec file is read by the FireWall-1 software to determine
who is the ACE/Server and other parameters involving the client-server
communications. 

Windows NT :
-------------------
The procedure is similar. The sdconf.rec file has to be copied to
c:\Winnt\system32. 

When adding new users, you need to add them both in the FireWall-1 users
database and in the SecurID server, unless you use the generic user feature
of version 3.0. 

The new PIN option is supported with FireWall-1, as well as the DES version
of the SecurID protocol (in 3.0 and higher versions of FireWall-1).

Note: Using the DES version of ACE must be in conjunction with the VPN+DES
edition of FireWall-1. 



-----Original Message-----
From: Wolfgang Kueter [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 17, 2001 6:15 PM
To: CP-FW-1
Subject: Re: [FW1] SecurID and Checkpoint



Prem" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have Checkpoint 2000 running on NT, and need to integrate with RSA
> SecurID and Ace Server, Does any one have an idea on how to configure
> checkpoint for SecurID auth.

If you are not able to find that in the manual, get professional help 
from a consultant. You'll probably be able to pay him, since you could 
also afford the ACE Server.

Wolfgang
-- 
Wolfgang Kueter Netzwerkadministration & Security
SHLINK Internet Service http://www.shlink.de [EMAIL PROTECTED]
Postfach 1044, 25310 Elmshorn, Fed. Rep. Germany
Telefon: +49 4121 269 006 Fax: +49 4121 269 007


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to