User guide
Using RADIUS Authentication
688 Check Point Safe@Office User Guide
You can use Remote Authentication Dial-In User Service (RADIUS) to authenticate both
Safe@Office appliance users and Remote Access VPN Clients trying to connect to the
Safe@Office appliance.
Note: When RADIUS authentication is in use, the Safe@Office appliance must have
a certificate.
When a user tries to log in to the Safe@Office Portal, the Safe@Office appliance sends the
entered user name and password to the RADIUS server. The server then checks whether
the RADIUS database contains a matching user name and password pair. If so, then the
user is logged in.
By default, all RADIUS-authenticated users are assigned the set of permissions specified
in the Safe@Office Portal's RADIUS page. However, you can configure the RADIUS server
to pass the Safe@Office appliance a specific set of permissions to grant the authenticated
user, instead of these default permissions. This is done by configuring the RADIUS
Vendor-Specific Attribute (VSA) with a set of attributes containing permission
information for specific users. If the VSA is configured for a user, then the RADIUS server
passes the VSA to the Safe@Office appliance as part of the response to the authentication
request, and the gateway assigns the user permissions as specified in the VSA. If the VSA
is not returned by the RADIUS server for a specific user, the gateway will use the default
permission set for this user.
In addition, you can configure the RADIUS server to pass the Safe@Office appliance a
Secure HotSpot session timeout value. When the RADIUS server's Session-Timeout
Attribute is configured, HotSpot users will be logged out after the specified session
timeout has elapsed.
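The VSA fallback and the Session-Timeout handling described above can be checked against a captured Access-Accept with a short parser. This is an added example, not code from the Safe@Office guide or from Check Point. Attribute types 26 (Vendor-Specific) and 27 (Session-Timeout) come from RFC 2865; the vendor ID, the sub-attribute number and the permission values are constructed placeholders, and ignoring another vendor's VSA is an assumption.

```python
import struct

VENDOR_SPECIFIC = 26       # RFC 2865 attribute type
SESSION_TIMEOUT = 27       # RFC 2865 attribute type, 32-bit value in seconds
EXAMPLE_VENDOR_ID = 99999  # constructed placeholder, not the appliance's real vendor ID

def parse_attributes(data):
    """Split a RADIUS attribute area (type, length, value) into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length")
        attrs.append((atype, data[i + 2:i + alen]))
        i += alen
    return attrs

def effective_policy(attr_bytes, vendor_id, default_permissions):
    """Return (permissions, session_timeout, source): the VSA values when the
    server sent one for our vendor, otherwise the default permission set."""
    vsa, timeout = {}, None
    for atype, value in parse_attributes(attr_bytes):
        if atype == SESSION_TIMEOUT and len(value) == 4:
            timeout = struct.unpack("!I", value)[0]
        elif atype == VENDOR_SPECIFIC and len(value) >= 4:
            if struct.unpack("!I", value[:4])[0] != vendor_id:
                continue  # assumption: a VSA from another vendor is ignored
            for vtype, vvalue in parse_attributes(value[4:]):
                vsa[vtype] = vvalue
    if vsa:
        return vsa, timeout, "vsa"
    return dict(default_permissions), timeout, "default"

def attr(atype, value):
    """Encode one attribute; the length byte counts the two header bytes."""
    return bytes([atype, len(value) + 2]) + value

# Constructed sample data: sub-attribute 1 and its values are hypothetical.
DEFAULTS = {1: b"none"}
WITH_VSA = (attr(VENDOR_SPECIFIC,
                 struct.pack("!I", EXAMPLE_VENDOR_ID) + attr(1, b"readonly"))
            + attr(SESSION_TIMEOUT, struct.pack("!I", 3600)))
WITHOUT_VSA = attr(SESSION_TIMEOUT, struct.pack("!I", 600))

if __name__ == "__main__":
    print(effective_policy(WITH_VSA, EXAMPLE_VENDOR_ID, DEFAULTS))
    print(effective_policy(WITHOUT_VSA, EXAMPLE_VENDOR_ID, DEFAULTS))
```

Because any user whose reply lacks the VSA receives the default set, the default permissions on the RADIUS page are what an unconfigured account ends up with.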
Finally, you can track network usage by configuring RADIUS accounting. When this
option is enabled, the Safe@Office appliance sends session information to the RADIUS
server at the beginning and end of a user session, including the unique session identifier,
session start/end time, and additional statistical data. This data can then be used to charge
the user for network usage and to compile performance reports. For example, when Secure
HotSpot is enabled, you can use RADIUS accounting to measure HotSpot sessions and bill
HotSpot users accordingly. You can also use third-party products with the RADIUS server