Check Point Gateway Identity Awareness - RADIUS Configuration for Cloud Authentication Service - RSA Ready Implementation Guide
a year ago

This section describes how to integrate Check Point Secure Gateway Identity Awareness Portal with RSA Cloud Authentication Service using RADIUS.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using RADIUS.

Procedure

  1. Log in to RSA Cloud Authentication Service.
  2. Go to Authentication Clients > RADIUS.
  3. Click Add Radius Client and Profiles.
  4. On the RADIUS Client page enter the following details:
    1. Name: Enter a descriptive name for the RADIUS client.
    2. IP Address: Enter the IP address of the RADIUS client.
    3. Shared Secret: Create and enter a secure shared secret. This secret will be used for secure communication between the RADIUS client and the RADIUS server.
  5. Enter the RADIUS client details and click Save and Next Step.
  6. Click Finish to complete the configuration.
  7. Click Publish Changes to apply your changes to the RADIUS server and wait for the process to complete.

Notes

  • The RSA Cloud Authentication RADIUS server is configured to listen on UDP port 1812. 
  • The Shared Secret must be an alphanumeric string between 1 and 31 characters in length and is case-sensitive.
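
The shared secret is never sent over the network: per RFC 2865 it keys the MD5 operations that hide the user's password in the Access-Request and authenticate the server's reply, so the value entered on both sides must match exactly. The following is an added example, not part of the RSA guide; the function names and sample user are illustrative assumptions. It generates a secret within the limits noted above and shows both operations.

```python
import hashlib, hmac, os, secrets, string, struct

ALPHANUM = string.ascii_letters + string.digits

def new_shared_secret(length=31):
    """CSPRNG secret within the guide's limit: alphanumeric, 1-31 characters."""
    if not 1 <= length <= 31:
        raise ValueError("length must be between 1 and 31")
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))

def is_valid_secret(secret):
    return 1 <= len(secret) <= 31 and secret.isascii() and secret.isalnum()

def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: XOR the padded password with an MD5 keystream."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, request_auth=None):
    """Return (packet, request_auth) for an Access-Request (code 1)."""
    request_auth = request_auth or os.urandom(16)
    hidden = hide_password(password.encode(), secret.encode(), request_auth)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((1, user.encode()), (2, hidden)))
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth

def response_is_authentic(response, request_auth, secret):
    """RFC 2865 section 3: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request_auth + response[20:]
                           + secret.encode()).digest()
    return hmac.compare_digest(expected, response[4:20])

if __name__ == "__main__":
    secret = new_shared_secret()          # constructed sample values below
    packet, auth = build_access_request("alice@example.com", "123456", secret, 7)
    print(len(secret), is_valid_secret(secret), packet.hex())
```

A reply that fails `response_is_authentic` is what a RADIUS client sees when the secret configured in Check Point differs from the one saved in RSA, including a difference in letter case.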

 

Configure Check Point Gateway Identity Awareness 

Perform these steps to configure Check Point Gateway Identity Awareness.

Procedure

  1. Log in to the Check Point SmartConsole desktop application using admin credentials.
  2. From the left pane, go to the Gateways & Servers tab.
  3. Double-click the required deployed Check Point Gateway.
  4. In the General properties of the gateway, ensure that Identity Awareness is enabled.

Note: If Identity Awareness is not enabled, follow the prompt to enable the service. During this process, the Identity Awareness portal URL will be configured, and end users will be redirected to it when Identity Awareness is triggered by the configured policies.

  5. In the Gateways & Servers tab, click New > More > Server > RADIUS.
  6. In the RADIUS Server window, go to Host and select the RADIUS server host.

Note: If the RADIUS server host is not yet configured in the dropdown list, create a new host by entering the Identity Router Management Interface IP address obtained from RSA. Then, select the RADIUS service, which uses port 1812, and enter the shared secret that was configured in RSA.

  7. In SmartConsole, click the Gateways & Servers panel.
  8. Open the Security Gateway object. In the left pane, click Identity Awareness, enable Browser-Based Authentication and select Settings.
  9. In the Access Settings, choose how end users will access this portal from the following options:
    1. All interfaces
    2. Internal interfaces
    3. Firewall policy
  10. In Authentication Settings, select RADIUS as the Authentication Method.
  11. Select the RADIUS server configured previously from the dropdown menu.
  12. In the User Directories section, enter the following information:
    1. Internal users: In this configuration, users authenticated against RSA must exist locally on the Check Point SmartConsole for authentication.
    2. LDAP users: In this configuration, users authenticated against RSA must exist on a remote Active Directory server. Check Point must be configured to connect to it successfully to fetch the users according to the LDAP lookup for authentication.

Note: You must select the LDAP Lookup Type as mail.

    3. External user profiles: This configuration relies on users existing outside of Check Point and LDAP. However, you must create an external user profile to authenticate users correctly.
  13. In the Gateways & Servers main tab, go to Global Properties > Advanced > Configure > FireWall-1 > Authentication > RADIUS.
  14. Configure the values as shown in the following figure.
  15. In SmartConsole, click Publish.
  16. Click Install Policy, select the applicable policy, and choose Access Control.
  17. Click Install to apply the policy.

The configuration is complete.