Configuring Non-local RADIUS Users

To allow non-local users to log in to the 61000/41000 Security System, define a default role for all non-local users that are configured on the RADIUS server.

The default role can include a combination of administrative (read/write) access to some features, monitoring (read-only) access to other features, and no access to other features.

Syntax to define the default role for non-local users:

add rba role radius-group-any domain-type System readonly-features <List> readwrite-features <List>

  • readonly-features <List> - Comma-separated list of Gaia features that have read-only permissions in the specified role.
  • readwrite-features <List> - Comma-separated list of Gaia features that have read/write permissions in the specified role.

Example:

add rba role radius-group-any domain-type System readonly-features arp

Verification:

Authenticate to the 61000/41000 Security System with a non-local user:

MyLaptop > ssh my_radius_user@my_61k_server

Upon successful authentication, the user 'my_radius_user' is assigned the role 'radius-group-any' and is granted all the privileges defined in that role.
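Because every non-local RADIUS user receives this one role, it is worth checking what it actually grants. The following is an added example, not Check Point code: it assumes a saved configuration text whose lines follow the syntax shown above, and the approved read-only list and the feature names example-ro and example-rw are hypothetical placeholders.

```python
DEFAULT_ROLE = "radius-group-any"  # role name taken from the page
KEYS = ("readonly-features", "readwrite-features")

def parse_rba_role(line):
    """Parse one 'add rba role ...' line; return (name, readonly, readwrite) or None."""
    tok = line.split()
    if tok[:3] != ["add", "rba", "role"] or len(tok) < 4:
        return None
    feats = {k: set() for k in KEYS}
    rest = tok[4:]  # everything after the role name, e.g. 'domain-type System ...'
    for i, word in enumerate(rest[:-1]):
        if word in feats:
            # the token after the keyword is the comma-separated feature list
            feats[word].update(f for f in rest[i + 1].split(",") if f)
    return tok[3], feats[KEYS[0]], feats[KEYS[1]]

def audit_default_role(config_text, approved_readonly):
    """Return a list of findings for the default role; an empty list means it passed."""
    ro, rw, seen = set(), set(), False
    for line in config_text.splitlines():
        parsed = parse_rba_role(line)
        if parsed and parsed[0] == DEFAULT_ROLE:
            seen = True
            ro |= parsed[1]  # conservative: union over every matching line
            rw |= parsed[2]
    if not seen:
        return ["role %s is not defined" % DEFAULT_ROLE]
    findings = []
    if rw:
        findings.append("read/write for every non-local user: " + ",".join(sorted(rw)))
    extra = ro - set(approved_readonly)
    if extra:
        findings.append("read-only outside approved list: " + ",".join(sorted(extra)))
    return findings

# Constructed sample lines: GOOD is the page's example, BAD uses placeholder features.
GOOD = "add rba role radius-group-any domain-type System readonly-features arp"
BAD = ("add rba role radius-group-any domain-type System "
       "readonly-features arp,example-ro readwrite-features example-rw")

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_default_role(text, {"arp"}) or "ok")
```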

©2014 Check Point Software Technologies Ltd. All rights reserved.