Configuring Gaia as a RADIUS Client

Gaia acts as a RADIUS client. You must define a role for the RADIUS client, and the features for that role.

To allow non-local users to log in to Gaia, you must define a default Gaia role for all non-local users that are configured in the RADIUS server.

The default role can include a combination of:

  • Administrative (read/write) access to some features

  • Monitoring (read-only) access to other features

  • No access to other features.

Important - On Scalable Platforms (Maestro and Chassis), you must run the applicable commands in Gaia gClish of the applicable Security Group.

To configure Gaia as a RADIUS Client

1. Define the role for the RADIUS client:

  • If no group is defined on the RADIUS server for the client, define this role:

    radius-group-any

  • If a group is defined on the RADIUS server for the client (group XXX, for example), define this role:

    radius-group-<XXX>

2. Define the features for the role.

Example for Gaia Clish

gaia> add rba role radius-group-any domain-type System readonly-features arp

For instructions, see Roles.

Note - Do not define a new user for external users. An external user is one that is defined on an authentication server (such as RADIUS or TACACS), and not on the local Gaia system.
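
The following is an added example, not part of the original Check Point documentation: a small review script that reads role definitions written in the syntax of the Gaia Clish example above and reports what each radius-group-* role grants, flagging a catch-all radius-group-any role that gives read/write access. The sample lines are constructed; the readwrite-features keyword, the feature names other than arp, and the group name netops are assumptions made for the illustration.

```python
import re

# Constructed sample: role definitions in the syntax of the page's Gaia Clish
# example. The readwrite-features keyword, the feature names other than arp,
# and the group name "netops" are assumptions made for this illustration.
SAMPLE_CONFIG = """\
add rba role radius-group-any domain-type System readonly-features arp
add rba role radius-group-netops domain-type System readonly-features arp,route readwrite-features dns
add rba role localAudit domain-type System readonly-features arp
"""

PREFIX = "radius-group-"
ROLE_RE = re.compile(r"^add rba role (?P<role>\S+) domain-type \S+(?P<rest>.*)$")
FEATURE_RE = re.compile(r"(readonly|readwrite)-features (\S+)")


def parse_radius_roles(config_text):
    """Return {role: {"group", "readonly", "readwrite"}} for radius-group-* roles."""
    roles = {}
    for line in config_text.splitlines():
        m = ROLE_RE.match(line.strip())
        if not m or not m["role"].startswith(PREFIX):
            continue  # roles without the prefix are not mapped to RADIUS users
        entry = roles.setdefault(m["role"], {
            "group": m["role"][len(PREFIX):],
            "readonly": set(), "readwrite": set()})
        for access, features in FEATURE_RE.findall(m["rest"]):
            entry[access] |= set(features.split(","))
    return roles


def review(config_text):
    """List the findings a reviewer would raise about the RADIUS role mapping."""
    roles = parse_radius_roles(config_text)
    findings = []
    if "radius-group-any" not in roles:
        findings.append("no radius-group-any role defined for RADIUS users without a group")
    catch_all = roles.get("radius-group-any")
    if catch_all and catch_all["readwrite"]:
        # Every RADIUS user without a group receives this role.
        findings.append("radius-group-any: catch-all role grants read/write on "
                        + ",".join(sorted(catch_all["readwrite"])))
    return findings


if __name__ == "__main__":
    for role, entry in parse_radius_roles(SAMPLE_CONFIG).items():
        print(role, sorted(entry["readonly"]), sorted(entry["readwrite"]))
    print(review(SAMPLE_CONFIG) or "no findings")
```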