RADIUS Server - General Properties
What can I do here?
Use this window to create or edit the General properties of a RADIUS server. This network object lets users with RADIUS credentials authenticate to a Security Gateway (a dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources).
Getting Here - Object Explorer > New > Server > More > New RADIUS > General
Understanding RADIUS Servers
A RADIUS (Remote Authentication Dial-In User Service) server is used to authenticate users. Check Point uses RADIUS servers in these scenarios:
- Administrators logging in to SmartConsole (the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on).
- SecuRemote Users (via IKE Hybrid Mode)
RADIUS Configuration Fields
- Host is where the RADIUS server is deployed.
- Service is the port on which the RADIUS server listens. Choose one of two predefined services.
  - RADIUS is the port number historically used by most installations.
  - NEW-RADIUS is the officially registered port number.
- Shared secret is the secret between the RADIUS server and the Security Gateway.
- Version can be either RADIUS Version 1.0, which is RFC 2138 compliant, or RADIUS Version 2.0, which is RFC 2865 compliant. For more, see:
- Protocol is the type of authentication protocol that is used when authenticating the user to the RADIUS server. The server must support this protocol and have it enabled. The MS-CHAP v2 protocol is supported by some servers, including Microsoft IAS and Cisco ACS. This protocol provides higher security and the ability to perform a password change, as an additional challenge in the authentication session, when the user is configured as "User must change password at next logon" on the server.
  Note - When defining a group of RADIUS server objects in Security Management, all members of the group must use the same protocol.
- Priority applies when there is more than one RADIUS server in the system. In that case, the order in which the servers are contacted is set by their defined priority number. The lower the number, the higher the priority.
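
The Shared secret and Version fields above, illustrated with an added example that is not Check Point code: under RFC 2865, the shared secret is what hides the User-Password attribute in an Access-Request, so a gateway and a server configured with different secrets cannot authenticate users. The function names and sample values are constructed for illustration.

```python
import hashlib

BLOCK = 16  # MD5 digest size; RFC 2865 hides the password in 16-octet blocks


def _xor_chain(data: bytes, secret: bytes, authenticator: bytes, hiding: bool) -> bytes:
    """XOR each block with MD5(secret + previous hidden block), per RFC 2865 5.2."""
    out, prev = b"", authenticator
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, pad))
        out += result
        # The chain always runs over the hidden (on-the-wire) block.
        prev = result if hiding else block
    return out


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side (the gateway): build the User-Password attribute value."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % BLOCK)  # null-pad to 16n
    return _xor_chain(padded, secret, authenticator, hiding=True)


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the hiding with the server's copy of the secret."""
    if len(authenticator) != BLOCK or not hidden or len(hidden) % BLOCK:
        raise ValueError("malformed User-Password or Request Authenticator")
    return _xor_chain(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")


def demo() -> dict:
    # All values below are constructed sample data.
    secret = b"constructed-shared-secret"
    authenticator = bytes(range(16))  # random per request in a real exchange
    password = b"constructed password longer than sixteen octets"
    hidden = hide_password(password, secret, authenticator)
    return {
        "hidden_len": len(hidden),
        "matching_secret": recover_password(hidden, secret, authenticator) == password,
        "mismatched_secret": recover_password(hidden, b"other-secret", authenticator) == password,
    }


if __name__ == "__main__":
    print(demo())
```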