Discussion:
Authentication with Firewall-1 NG with AI
MichaelK
2004-01-25 19:02:19 UTC
Seems that S/Key authentication has been removed from the latest version
of Firewall-1 (NG with Application Intelligence R55).
We have lots of Linux and MacOSX users, SecuRemote only seems to be available
for Window$. Found SecuRemote to be very flakey software on Windows anyway.
So how are people meant to authenticate securely?

Michael
Beoweolf
2004-01-26 02:49:56 UTC
There are 5 valid remaining authentication schemes.

OS password...use LDAP for Windows or Novell authentication
VPN-1/Firewall-1
Secure ID
TACACS
RADIUS server
Jason Kau
2004-01-26 13:00:31 UTC
Post by MichaelK
> Seems that S/Key authentication has been removed from the latest version
> of Firewall-1 (NG with Application Intelligence R55).
> We have lots of Linux and MacOSX users, SecuRemote only seems to be available
> for Window$.

SecuRemote NG is available for Redhat 7.2 and 7.3--not sure if it will work
with later versions of RedHat. You should be able to get FreeS/WAN to work
with VPN-1. As for MacOS X, you can use third-party VPN clients like
VaporSec or Equinux VPN Tracker.

Post by MichaelK
> Found SecuRemote to be very flakey software on Windows anyway.

SecuRemote NG FP3 Build 53515 has worked great for us on Win2K/XP.

Post by MichaelK
> So how are people meant to authenticate securely?

RSA SecurID or any other time-synchronization tokens that can be accessed via
RADIUS/TACACS, e.g. Vasco? Client certificates (Entrust or internal CA)?
--
Jason Kau
http://www.cnd.gatech.edu/~jkau
Dan
2004-01-28 22:32:05 UTC
Does anyone know when Check Point expects to provide client authentication for
ssh as well as telnet, ftp, http and https, and rlogin?

Thanks.