Followed the RSA guide for configuring Check Point and have allowed any traffic (no blocking) from Check Point but still not getting tcpdump result for 1812 and 1813.
But checking on Check Point side, logs indicate that traffic is allowed no drop traffic for 1812 and 1813.
What are we missing that needs to be configured?
Silly question but did you created a RADIUS client and associated authentication agent for the Check Point in the Security Console (RADIUS > RADIUS Client > Add New)?
I'd also try following 000014905 - Performing RADIUS authentication tests with NTRadPing to RSA Authentication Manager to see if RADIUS authentications work from other clients. Before you test, be sure to follow the steps in 000012942 - Enable RADIUS debug/verbose logs with RSA Authentication Manager 8.x to enable verbose logging for RADIUS.
If you cannot determine the issue, the logs generated will be helpful to a support engineer if you need to open a case.
Regards,
Erica
Checkpoints can authenticate to RSA server via 2 types of methods:
-radius on udp/1812 [using eap, peap, not chap]
-native securid on udp/5500
those are the type of packets to look for on the network
----------
On the RSA server you can check the radius log for details if you know radius traffic is hitting it but you get nothing in the security console logs...
a) edit /opt/rsa/am/radius/radius.ini and set loglevel and tracelevel to 2 to go to debug mode
b) restart radius /opt/rsa/am/server/rsaserv restart radius
c) do some tests
d) examine /opt/rsa/am/radius/20180426.log (note: this is the yearmonthday.log and radius makes a new one
each day at midnight)
e) be sure to turn off debug (loglevel and tracelevel to zero) and restart radius when done, otherwise
if radius is left in debug mode it can create huge unneeded log files over time.
Checkpoints can authenticate to RSA server via 2 types of methods:
-radius on udp/1812 [using eap, peap, not chap]
-native securid on udp/5500
those are the type of packets to look for on the network
----------
On the RSA server you can check the radius log for details if you know radius traffic is hitting it but you get nothing in the security console logs...
a) edit /opt/rsa/am/radius/radius.ini and set loglevel and tracelevel to 2 to go to debug mode
b) restart radius /opt/rsa/am/server/rsaserv restart radius
c) do some tests
d) examine /opt/rsa/am/radius/20180426.log (note: this is the yearmonthday.log and radius makes a new one
each day at midnight)
e) be sure to turn off debug (loglevel and tracelevel to zero) and restart radius when done, otherwise
if radius is left in debug mode it can create huge unneeded log files over time.