Followed the RSA guide for configuring Check Point and have allowed any traffic (no blocking) from Check Point but still not getting tcpdump result for 1812 and 1813.
But checking on the Check Point side, the logs indicate that traffic is allowed, with no dropped traffic for 1812 and 1813.
What are we missing that needs to be configured?
Checkpoints can authenticate to the RSA server via 2 types of methods:
- RADIUS on udp/1812 [using EAP, PEAP, not CHAP]
- native SecurID on udp/5500
Those are the types of packets to look for on the network.
----------
On the RSA server you can check the radius log for details if you know radius traffic is hitting it but you get nothing in the security console logs...
a) edit /opt/rsa/am/radius/radius.ini and set loglevel and tracelevel to 2 to go to debug mode
b) restart radius: /opt/rsa/am/server/rsaserv restart radius
c) do some tests
d) examine /opt/rsa/am/radius/20180426.log (note: this is the yearmonthday.log and radius makes a new one each day at midnight)
e) be sure to turn off debug (loglevel and tracelevel to zero) and restart radius when done, otherwise if radius is left in debug mode it can create huge unneeded log files over time.
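
Steps a) to e) above as added helper functions (not part of the original reply and not RSA's own tooling): they switch loglevel and tracelevel, check that debug really is off again afterwards, and build the day's log path. The function names and the "LogLevel = N" line format are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Assumption: radius.ini holds "LogLevel = N" and "TraceLevel = N" lines
# (key = value, case-insensitive); confirm against your own file first.

# set_radius_debug FILE LEVEL: set both values to LEVEL, keeping FILE.bak.
set_radius_debug() {
    ini=$1; level=$2
    cp -p "$ini" "$ini.bak" || return 1
    awk -v lvl="$level" '
        tolower($0) ~ /^[ \t]*(loglevel|tracelevel)[ \t]*=/ {
            split($0, kv, "=")
            sub(/[ \t]+$/, "", kv[1])      # trim space before "="
            print kv[1] " = " lvl
            next
        }
        { print }                          # every other line unchanged
    ' "$ini.bak" > "$ini"
}

# radius_debug_is_on FILE: exit 0 if either value is non-zero, else 1.
radius_debug_is_on() {
    awk '
        tolower($0) ~ /^[ \t]*(loglevel|tracelevel)[ \t]*=/ {
            split($0, kv, "=")
            if (kv[2] + 0 != 0) on = 1
        }
        END { exit(on ? 0 : 1) }
    ' "$1"
}

# radius_log_path DIR: today's log, named yearmonthday.log as in step d).
radius_log_path() {
    printf '%s/%s.log\n' "$1" "$(date +%Y%m%d)"
}

# Walk-through on a constructed sample file, so nothing under /opt is touched.
demo_dir=$(mktemp -d)
printf '[Configuration]\nLogLevel = 0\nTraceLevel = 0\n' > "$demo_dir/radius.ini"
set_radius_debug "$demo_dir/radius.ini" 2       # step a)
# step b) on a real server: /opt/rsa/am/server/rsaserv restart radius
radius_debug_is_on "$demo_dir/radius.ini" &&
    echo "debug on, read $(radius_log_path /opt/rsa/am/radius)"   # step d)
set_radius_debug "$demo_dir/radius.ini" 0       # step e), then restart again
radius_debug_is_on "$demo_dir/radius.ini" || echo "debug off"
rm -rf "$demo_dir"
```

Running radius_debug_is_on against the live file from a scheduled job is a simple way to catch a server that was left in debug mode.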