<Partner Product>
Solution Summary
Check Point Security Gateway can be integrated with RSA SecurID Access to provide RSA SecurID
Authentication using either native SecurID Agent integration or RADIUS.
Check Point Security Gateway can be integrated with RSA Identity Router to provide policy-based Multi-
factor (including SecurID) Authentication using RADIUS.
RSA SecurID Access Features
Check Point Software Blades R80.10
On Premise Methods
RSA SecurID ✔
On Demand Authentication ✔
Risk-Based Authentication (AM) -
Cloud Authentication Service Methods (CAS)
Authenticate App ✔
FIDO Token -
SSO
SAML SSO -
HFED SSO -
Identity Assurance
Check Point
Security Gateway Software Blades R80.10
Check Point Security Gateway integration with RSA Cloud Authentication Service
Authentication Methods    REST   IDR SAML   Cloud SAML   HFED   RADIUS
RSA SecurID               -      -          -            -      ✔
LDAP Password             -      -          -            -      ✔
Authenticate Approve      -      -          -            -      ✔
Authenticate Tokencode    -      -          -            -      ✔
Device Biometrics         -      -          -            -      ✔
SMS Tokencode             -      -          -            -      ✔
Voice Tokencode           -      -          -            -      ✔
FIDO Token - - -
RSA SecurID - ✔ ✔ -
AM RBA - -
✔ Supported
- Not supported
n/t Not yet tested or documented, but may be possible
Configuration Summary
All of the supported use cases of RSA SecurID Access with Check Point Security Gateway require both
server-side and client-side configuration changes. This section of the guide includes links to the
appropriate sections for configuring both sides for each use case.
RSA Cloud Authentication Service – Check Point Security Gateway can be integrated with RSA Cloud
Authentication Service in the following way(s):
RADIUS Client
Cloud Authentication Service RADIUS Configuration
Check Point Security Gateway RADIUS Configuration
RSA Authentication Manager – Check Point Security Gateway can be integrated with RSA
Authentication Manager in the following way(s):
RADIUS Client
Authentication Manager RADIUS Configuration
Check Point Security Gateway RADIUS Configuration
UDP Agent
Authentication Manager UDP Agent Configuration
Check Point Security Gateway UDP Agent Configuration
UDP Agent
To configure your RSA Authentication Manager for use with a UDP-based agent, you must create an
agent host record in the Security console of your Authentication Manager and download its configuration
file (sdconf.rec).
Hostname: Configure the agent host record name to match the hostname of the agent.
IP Address: Configure the agent host record to match the IP address of the agent.
Overview
Configure an Authentication Server
SecurID Access RADIUS On-Prem & CAS VPN and Mobile Client Configuration
Authentication Agent (UDP) Configuration
Configure Check Point for RSA SecurID Authentication
Enable RSA Authentication for users
Configure a User
Configure for External Users
Check Point IPSec VPN Configuration
Configure a VPN Community Rule
2. In the Host window, enter the Object Name, specify the IPv4 address or DNS Name, then click OK.
3. Repeat step 2 for each SecurID RADIUS or SecurID RADIUS Cloud Access server, then select OK.
5. Enter the Object Name for the SecurID RADIUS server and, from the drop-down list, select the
RADIUS host configured in step 2 (repeat as needed for each SecurID RADIUS host).
RADIUS service: RADIUS Ver 1.0, port 1645 (supports SecurID RADIUS On-Premise only)
NEW-RADIUS service: port 1812 (supports SecurID RADIUS On-Premise or SecurID RADIUS CAS)
7. Use one of the following: SecurID Access RADIUS or SecurID RADIUS Cloud Access Service.
8. (SecurID Access RADIUS) If the Check Point Mobile/VPN deployment is being configured with RSA
SecurID Access RADIUS On-Premise, provide a RADIUS Group Name for the object and add any
number of RADIUS servers to the list.
9. (SecurID RADIUS Cloud Access Service) If the Check Point Mobile/VPN deployment is being
configured with RSA SecurID Cloud Access Service RADIUS, provide a RADIUS Group Name for the
object and add the RSA SecurID Cloud Access Service RADIUS Server.
10. Right-click the Check Point Server and select Edit.
11. Select VPN Clients > Authentication, check Allow older clients to connect to this
gateway, and click Settings.
12. Change the Display Name to RADIUS, then from the Authentication Method drop-down list select
RADIUS and from the Server drop-down list select the SecurID RADIUS Group.
15. Modify the radius ignore setting, changing the default value of “0” to “76”, then select OK.
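Added example, not from the RSA or Check Point guide: attribute type 76 is the RADIUS Prompt attribute (RFC 2869). Assuming the radius ignore value names an attribute type that the gateway skips in server replies (the guide does not say), the Python code below parses a constructed Access-Challenge, such as a Next Tokencode prompt, with and without type 76 ignored. The function names and the sample packet are hypothetical.

```python
import struct

ACCESS_CHALLENGE = 11  # RFC 2865 packet code
ATTR_NAMES = {18: "Reply-Message", 24: "State", 76: "Prompt"}

def build_packet(code, ident, attrs):
    """Build a RADIUS packet from (type, value) pairs; authenticator is zeroed sample data."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), bytes(16)) + body

def parse_attributes(packet, ignore=()):
    """Return (code, [(type, value), ...]), skipping attribute types listed in `ignore`."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length, _auth = struct.unpack("!BBH16s", packet[:20])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        # The attribute length counts its own two header bytes.
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        if a_type not in ignore:
            attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

# Constructed Access-Challenge resembling a Next Tokencode prompt.
SAMPLE = build_packet(ACCESS_CHALLENGE, 7, [
    (18, b"Enter next tokencode:"),   # Reply-Message shown to the user
    (24, b"constructed-state"),       # State, echoed back in the next request
    (76, struct.pack("!I", 1)),       # Prompt = Echo
])

def describe(packet, ignore=()):
    """Return the packet code and the names of the attributes that were kept."""
    code, attrs = parse_attributes(packet, ignore)
    return code, [ATTR_NAMES.get(t, str(t)) for t, _ in attrs]

if __name__ == "__main__":
    print(describe(SAMPLE))                # nothing ignored
    print(describe(SAMPLE, ignore={76}))   # attribute type 76 skipped
```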
2. Enter the Name for the SecurID server, then select Browse to import the sdconf.rec configuration file.
3. Locate the sdconf.rec file downloaded from the RSA SecurID Access server, then select Open.
5. Select VPN Clients > Authentication, check Allow older clients to connect to this
gateway, and click Settings.
6. Change the Display Name to SecurID, then from the Authentication Method drop-down list select
SecurID and from the Server drop-down list select the Server: SecurID_Native. Select OK.
9. Select Install.
2. From the New User window, choose the Default template, then select OK.
3. Enter the name of the user in the Object Name field and the email address in the appropriate field,
then select Authentication.
4. From the drop-down box, choose either SecurID or RADIUS as the user’s Authentication method,
then click OK.
Login Screenshots
Login screen:
Next Tokencode:
RSA SecurID - ✔
LDAP Password - ✔
Authenticate Approve - ✔
Authenticate Device Biometrics - -
Authenticate Tokencode - ✔
SMS Tokencode -
Voice Tokencode -
FIDO Token -
RSA SecurID - ✔ - ✔
RSA SecurID Software Token Automation - ✔ - ✔
On Demand Authentication - ✔ - ✔
Risk-Based Authentication ✔ ✔
Known Issues
Appendix
RSA SecurID Access Integration Details
Partner Integration Details
RSA Authentication Agent API (UDP) N/A
RSA Authentication Agent API (TCP) N/A
RSA SecurID Authentication API (REST) N/A
RSA SecurID User Specification All Users
Display RSA Server Info No
Perform Test Authentication No
Agent Tracing No