This section describes how to integrate Check Point Gateway Mobile access portal with RSA Cloud Authentication Service using RADIUS.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using Radius.

Procedure

1. Log into RSA Cloud Authentication Service.
2. Go to Authentication Clients > RADIUS

3. Click Add RADIUS Client and Profiles.

4. On the RADIUS Client page, enter the following details:

1. 1. Name: Enter a descriptive name for the Radius client.
   2. IP Address: Enter the IP address of the Radius client.
   3. Shared Secret: Create and enter a secure shared secret. This secret will be used for secure communication between the Radius client and the Radius server.

5. Enter the RADIUS client details and click Save and Next Step,
6. Click Finish to complete the configuration.
7. Click Publish Changes to apply your changes to the RADIUS server, and wait for the process complete.

Notes

• The RSA Cloud Authentication RADIUS server is configured to use UDP port 1812. 
• Shared Secret must be an alphanumeric string between 1 and 31 characters in length and is case-sensitive. 

Configure Check Point Mobile Access portal

Perform these steps to configure Check Point Mobile Access portal

Procedure

1. Log in to Check Point SmartConsole desktop application with admin credentials.
2. From the left pane, go to Gateways & Servers tab.
3. Double click the required deployed Check Point Gateway.

4. In the General properties of the gateway, ensure that Mobile Access Service is enabled.

Note: If Mobile Access Service is not enabled, follow the prompt to enable the service. During this process, the Mobile Access portal URL is configured which will be used by the end users to login to the portal.

5. In the Gateway & Servers tab, click New > More > Server > RADIUS.

6. In the RADIUS server window, if the RADIUS server host is not configured in the dropdown, create a new host with the Identity Router Management Interface IP address obtained from RSA.
7. Select the service >NEW-RADIUS which uses port 1812.
8. Enter the shared secret configured in RSA.

9. In SmartConsole, click the Gateways & Servers pane.
   1. Open the Security Gateway object. In the left pane, click Mobile Access > Authentication.
   2. In the Multiple Authentication Client Settings section, click Add to add a Realm object. Choose New.
   3. On the Login Option pane, in the Authentication Methods section, click Add.
   4. Select RADIUS.
   5. Select the previously configured RADIUS server from the Server dropdown and click Ok.

10. In the User Directories section:
    1. Internal users: In this configuration, the users authenticated against RSA must exist locally on the Check Point SmartConsole for authentication.
    2. LDAP users: In this configuration, the users authenticated against RSA must exist on a remote Active Directory server. Check Point must be configured to connect to it successfully to fetch the users according to the LDAP lookup for authentication.

Note: You must select the LDAP Lookup Type as mail.

1. 3. External user profiles: This relies on users existing outside of Check Point and LDAP, but you must create an external user generic profile to be able to authenticate correctly.

11. Go to the Gateways & Servers main tab, go to Global properties > Advanced > Configure > FireWall-1 > Authentication > RADIUS.
12. Configure values as shown in the following figure.

13. In SmartConsole, click Publish. 
14. Select the applicable policy, and choose Access Control.
15. Click Install to apply the policy. 

The configuration is complete.
Return to Main page