Granting User Access using RADIUS Server Groups
The Security Gateway (the dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources) lets you control access privileges for authenticated RADIUS users, based on the administrator's assignment of users to RADIUS groups. These groups are used in the Security Rule Base (all rules configured in a given Security Policy; synonym: Rulebase) to restrict or give users access to specified resources. Users are unaware of the groups to which they belong.
Remote Authentication Dial-In User Service (RADIUS) is an external authentication method that provides security and scalability by separating the authentication function from the access server.
Using RADIUS, the Security Gateway forwards authentication requests by remote users to the RADIUS server. For administrators, the Security Management Server (the dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain; synonym: Single-Domain Security Management Server) forwards the authentication requests. The RADIUS server, which stores user account information, does the authentication.
The RADIUS protocol uses UDP to communicate with the Security Gateway or the Security Management Server.
RADIUS servers and RADIUS server group objects are defined in SmartConsole (the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on).
To use RADIUS groups, you must define a return attribute in the RADIUS user profile on the RADIUS server. This attribute is returned to the Security Gateway and contains the name of the group to which the users belong (for example, RAD_<group to which the RADIUS users belong>).
Use these RADIUS attributes (refer to RFC 2865):
- For SecurePlatform - attribute "Class" (25)
- For other operating systems, including Gaia (the Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems), Windows, and IPSO - attribute "Vendor-Specific" (26)
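The following is an added example, not Check Point's own code, showing what a gateway has to do with the Access-Accept before it can act on the returned group name: verify the RFC 2865 Response Authenticator against the shared secret, walk the type/length/value attributes, pull the group name out of "Class" (25) or out of a vendor sub-attribute inside "Vendor-Specific" (26), and keep only names carrying the agreed RAD_ prefix. The vendor ID (2620 is Check Point's IANA enterprise number; confirm against your RADIUS server's dictionary), the vendor sub-attribute type, the shared secret and the sample packet are all assumptions or constructed values.

```python
import hashlib
import hmac
import struct

# RADIUS constants from RFC 2865
CODE_ACCESS_ACCEPT = 2
ATTR_CLASS = 25
ATTR_VENDOR_SPECIFIC = 26

# Assumed values: Check Point's IANA enterprise number, and a constructed
# vendor sub-attribute type that carries the group name in this example.
VENDOR_ID = 2620
VSA_GROUP_TYPE = 1
GROUP_PREFIX = "RAD_"


def build_attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RFC 2865 attribute: 1-byte type, 1-byte total length, value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_vsa(vendor_id: int, vendor_type: int, data: bytes) -> bytes:
    """Encode Vendor-Specific (26): 4-byte vendor id followed by one vendor TLV."""
    inner = struct.pack("!BB", vendor_type, len(data) + 2) + data
    return build_attr(ATTR_VENDOR_SPECIFIC, struct.pack("!I", vendor_id) + inner)


def build_access_accept(ident: int, request_auth: bytes, secret: bytes, attrs: bytes) -> bytes:
    """Assemble an Access-Accept; Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", CODE_ACCESS_ACCEPT, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """The gateway recomputes the Response Authenticator before trusting any attribute."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def parse_attrs(data: bytes):
    """Yield (type, value) pairs; a bad length is an error, not something to guess around."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("bad attribute length")
        yield attr_type, data[pos + 2:pos + length]
        pos += length


def extract_groups(packet: bytes, vendor_id: int = VENDOR_ID, vsa_type: int = VSA_GROUP_TYPE) -> list:
    """Collect group names from Class (25) and from the vendor sub-attribute inside Vendor-Specific (26)."""
    if packet[0] != CODE_ACCESS_ACCEPT:
        return []
    groups = []
    for attr_type, value in parse_attrs(packet[20:]):
        if attr_type == ATTR_CLASS:
            groups.append(value.decode("ascii", "replace"))
        elif attr_type == ATTR_VENDOR_SPECIFIC and len(value) >= 6:
            if struct.unpack("!I", value[:4])[0] == vendor_id:
                for vtype, vdata in parse_attrs(value[4:]):
                    if vtype == vsa_type:
                        groups.append(vdata.decode("ascii", "replace"))
    return groups


def allowed_groups(groups: list, prefix: str = GROUP_PREFIX) -> list:
    """Only names with the agreed prefix map to Rule Base groups; anything else is ignored."""
    return [g for g in groups if g.startswith(prefix)]


# Constructed sample: shared secret, the request's authenticator, and an Access-Accept
# carrying one Class group, one unrelated Class value, and one vendor-specific group.
SECRET = b"example-shared-secret"
REQUEST_AUTH = bytes(range(16))
SAMPLE_ATTRS = (build_attr(ATTR_CLASS, b"RAD_VPN_Users")
                + build_attr(ATTR_CLASS, b"billing-session-42")
                + build_vsa(VENDOR_ID, VSA_GROUP_TYPE, b"RAD_Admins"))
SAMPLE_PACKET = build_access_accept(7, REQUEST_AUTH, SECRET, SAMPLE_ATTRS)


def groups_for_packet(packet: bytes, request_auth: bytes, secret: bytes) -> list:
    """Full gateway-side path: reject unverifiable replies, then map attributes to groups."""
    if not verify_response(packet, request_auth, secret):
        return []
    return allowed_groups(extract_groups(packet))


if __name__ == "__main__":
    print(groups_for_packet(SAMPLE_PACKET, REQUEST_AUTH, SECRET))
```

The prefix filter is the part that matters for the Rule Base: a Class attribute is also used by RADIUS servers for unrelated accounting state, so a gateway that treated every Class value as a group would grant access on strings that were never meant as group names.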