User guide
Using Port-Based Security
418 Check Point Safe@Office User Guide
Table 76: Port-Based Security Fields
In this field…
Do this…
Assign to network Specify how the Safe@Office appliance should handle users who
authenticate successfully, by selecting one of the following:
• A network name. All users who authenticate to this port
successfully are assigned to the specified network.
• From RADIUS. Use dynamic VLAN assignment to assign users to
specific networks. This option is only relevant when using a
RADIUS server.
Authentication
Server
Specify which authentication server you are using, by selecting one of the
following:
• RADIUS. A RADIUS server.
•
Internal User Database.
The Safe@Office EAP authenticator.
Quarantine
Network
Specify which network should serve as the Quarantine network, by
selecting one of the following:
• A network name. All users for whom authentication to this port
fails are assigned to the specified network.
•
None.
No Quarantine network is selected.
Allow multiple
hosts
To allow multiple hosts to connect to this port, select this option.
Normally, 802.1x port-based security allows only a single host to connect to
each port. However, when this option is selected, multiple clients can
connect to the same port via a hub or switch. Each client on the port must
authenticate separately.
For information on cascading the Safe@Office appliance to a hub or switch,
see Cascading Your Appliance on page 102.
Note: Enabling this option makes 802.1x port-based security less secure.
Therefore, it is recommended to enable this option only in locations where
the number of ports are a limiting factor, and where an external 802.1x-
capable switch cannot be installed.