the command setenv was required during installation as per the instructions that we
must set environment for FWDIR.Another gentleman asked to try export command,and i
think it is working.regarding radius server, iam going to try on linux machine as i
got a document for linux.Now i am searching for the steps to configure a rule base and
install,not yet found.if you could mail me,that is highly appreciable.
thanks
mohamed.
On Tue, 02 Oct 2001 Leonard Cheng wrote :
>
> I have a feeling the issue here is not on the platform
> FW-1 is running.
> Instead of using both ports, try modify the default
> RADIUS service object
> from UDP/1645 to UDP/1812. There is an implied rule
> (rule 0) that enables
> the connection between the FW and the RADIUS server
> through the default
> RADIUS service.
>
> I do not know what do you want to do with setenv.
> However, it is a csh
> command. I you are probably running bash on your linux
> box and therefore it
> is not a valid command. I think an equivalent command
> in bash is set.
>
> Leonard ........
>
> -----Original Message-----
> From: mohamed maraikayar [mailto:[EMAIL PROTECTED]]
> Sent: September 30, 2001 9:51 PM
> To: Leonard Cheng
> Cc: [EMAIL PROTECTED];
> Brockhoven,Werner;
> Juan Concepcion
> Subject: [FW1] Linux -.fw-1
>
>
>
>
> In win 2k adv server is configured for both ports,1645
> and 1812 ,by default
> itself.one new doubt, i have installed another fw-1
> over linux 6.2
> redhat,kernel 2.2.x.i couldnt FWDIR.if i give setenv
> command, it says
> command not found.i am not able to come out of this
> problem.please help,
> mohamed.
>
> On Sat, 29 Sep 2001 Leonard Cheng wrote :
> >
> > Did you look into whether the same UDP ports are
> used.
> > I think FW-1 is using the default 1645
> (authentication)
> > 1646 (Accounting)
> > while NT (at least Win2K for sure) is using 1812 and
> > 1813 respectively (RFC
> > 2026).
> >
> > Hope it helps.
> >
> > Le
> > -----Original Message-----
> > From: Mohamed Maraikayar [mailto:[EMAIL PROTECTED]]
> > Sent: September 28, 2001 12:42 AM
> > To: Juan Concepcion
> > Cc: [EMAIL PROTECTED];
> > mohamed maraikayar;
> > Brockhoven,Werner
> > Subject: Re: RE: [FW1] Re: RE: Radius authentication
> >
> >
> >
> >
> >
> >
> > Couple of things you want to look at:
> >
> > > Make sure the Radius service is actually running
> (not
> > > trying to insult your
> > > intelligence, it's just better to be safe than to
> be
> > > sorry).
> >
> > The Radius server is running.i checked by netstat -a
> > command.Also i used the
> > same machine as Radius server for pix firewall.So i
> > conclude Radius server
> > is running.I made the appropriate changes from pix
> > firewall to Fw-1, e-g
> > name of group, shared key etc.
> >
> > > Make sure the firewall and Radius server can ping
> > each
> > > other.
> >
> > There is a Layer 3 connectivity, i can ping.
> >
> > > Verify the Radius server is defined correctly in
> the
> > > firewall and that you
> > > have verified the shared secret between the two.
> >
> > This is also done.2 places.(1).In Manage servers, i
> > defined Radius
> > server.(2) I created a radius server group,same name
> > defined in win 2k
> > radius server,and added the server in the group.
> > I created a user,and enabled authentication as radius
> > in the user prop.If
> > any other config needed,please let
> next thing I would do is to try the
> > authentication
> > > straight from the
> > > firewall and run some sort of sniffer so you can
> see
> > > the traffic and ensure
> > > that they are definitely communicating. Easiest way
> > to
> > > run this test would
> > > be to run 'telnet localhost 259' on the firewall
> > which
> > > will invoke the
> > > security server, enter a username of a user
> currently
> > > configured for radius,
> > > and then make sure it first works straight from
> > > firewall to the radius
> > > server before you take the next step of getting
> > actual
> > > users to authenticate
> > > from wherever they may be.
> >
> > The user authentication is working. i choosed
> password
> > from VPN/FW-1.Also
> > client and session authentication works fine.when it
> > comes to radius,the
> > error comes.i also get a Radius password prompt.After
> > that only,the error"
> > RADIUS servers not responding".Trying with sniffer is
> a
> > good idea,but i have
> > to download and learn to use.yet i will try as last
> > resort.
> > > As I said not trying to insult your intelligence in
> > any
> > > w
> > st my experience that the longer
> > > you look/work @ a
> > > problem the further away the most obvious things
> get
> > > away from you.
> > I thank God for giving a good attitude,i never get
> > insulted in fact iam
> > learning,Thanks.
> > Last but least, I would like to tell the versions,
> > unfortunately the fw-1 is
> > 4.1 version ,SP2 and OS is winNT 4 SP4.The radius
> > server is Win ADV Server.
> >
> >
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]
> om-
> > ]
> > > On Behalf Of
> > > mohamed maraikayar
> > > Sent: Wednesday, September 26, 2001 8:58 AM
> > > To: Brockhoven,Werner
> > > Cc: [EMAIL PROTECTED]
> > > Subject: [FW1] Re: RE: Radius authentication
> > >
> > >
> > >
> > >
> > > I havent added any rules till now.now i added 2
> rules,
> >
> > > from firewallgateway
> > > to raduis server an
> vice versa.Still
> > i
> > > recieve the same
> > > error.i configured a rule as " allusers@any
> ftp-serv
> > > ftp userauth gateway "
> > > and in the user properties, i enabled radius
> > > authentication for a user,say
> > > mohd.when i ftp to ftp-serv,i get a prompt bcoz of
> > of
> > > user authentication
> > > rule.i entered the user
ver.so fw-1 gave a prompt, "radius password:" ,i
> > > typed the password.then
> > > it took some 10 seconds time and displayed,"radius
> > > servers not responding".i
> > > disconnected the cable from fw-1 to radius server
> and
> > > tried again,i got the
> > > same error.so i can now conclude that there is some
> > > thing missing in the
> > > configuration of fw-1 or fw-1 related.any clues ?
> > > thanks
> > > mohamed.
> > >
> > > On Wed, 26 Sep 2001 Brockhoven, Werner wrote :
> > > > Hi,
> > > >
> > > > Do you have a rule to allow communication between
> > the
> > > > radius and the FW-1 ?
> > > > What do you get in the logging ?
> > > >
> > > > I'm sorry but I should ask you to send mails to
> the
> > > > checkpoint mailing list
> > > > and not directly to me personally.
> > > >
> > > > Regards,
> > > >
> > > > Werner
> > > >
> > > >
> > > > -----Original Message-----
> > >
> > ayar [mailto:[EMAIL PROTECTED]]
> > > > Sent: Wednesday, September 26, 2001 12:41 PM
> > > > To: Brockhoven, Werner
> > > > Subject: Radius authentication
> > > >
> > > >
> > > >
> > > > Sorry, i am sending you a third mail.Now i have
> > made a
> > > > win 2000 advanced
> > > > server as radius server.i have done the necesary
> > > > configurations ,added the
> > > > client as firewall's interface,defined radius
> server
> > > > group etc.The win NT
> > > > (SP4), i have installed checkpoint 4.1 (SP2).i
> have
> > > > defined the radius
> > > > server,shared key etc in check point also.but the
> > > error
> > > > i get is,"Radius
> > > > server not responding" , i searched mailing list
> > also,
> > > > but didnt get the
> > > > answer.what may be the problem ?
> > > > thanks,
> > > > moham
> .
> > > >
> > > >
> > >
> > >
> > >
> > >
> > > ====================================================-
> ==-
> > ==-
> > > ====================
> > > ====
> > > To unsubscribe from this mailing list, please
> > see
> > > the instructions at
> >
oint.com/services/ma-
> il-
> > in-
> > > g.html
> > > ====================================================-
> ==-
> > ==-
> > > ====================
> > > ====
> > >
> > >
> > >
> > > ====================================================-
> ==-
> > ==-
> > > ========================
> > > To unsubscribe from this mailing list, please
> > see
> > > the instructions at
> > > http://www.checkpoint.com/services/ma-
> il-
> > in-
> > > g.html
> > > ====================================================-
> ==-
> > ==-
> > > ========================
> > >
> >
> >
> >
> >
> > ======================================================-
> ==-
> > ====================
> > ====
> > To unsubscribe from this mailing list, please
> see
> > the instructions at
> > http://www.checkpoint.com/services/mail-
> in-
> > g.html
> > ======================================================-
> ==-
> > ====================
> > ====
> >
> >
> > ======================================================-
> ==-
> > ========================
> > To unsubscribe from this mailing list, please
> see
> > the instructions at
> > http://www.checkpoint.com/services/mail-
> in-
> > g.html
> > ======================================================-
> ==-
> > ========================
> >
>
>
>
>
> ========================================================-
> ====================
> ====
> To unsubscribe from this mailing list, please see
> the instructions at
> http://www.checkpoint.com/services/mailin-
> g.html
> ========================================================-
> ====================
> ====
>
>
> ========================================================-
> ========================
> To unsubscribe from this mailing list, please see
> the instructions at
> http://www.checkpoint.com/services/mailin-
> g.html
> ==============================================
> ========================
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
