
How to configure ACS 5.2 and Checkpoint for firewall admin using TACACS

Marlon Malinao
Level 1

Hi,

Can somebody show how to configure ACS 5.2 for device administration of Checkpoint firewalls and security management servers?

thanks

4 Replies

thomas1337
Level 1

Hi,

I have created an "Authorization Profile" with a new "Shell Profile" policy.

In the policy I manually entered these attributes:

Nokia-IPSO-SuperUser-Access=1

Nokia-IPSO-User-Role=adminRole

"adminRole" is a Checkpoint default role. You can create your own role and change these in your Shell Profile if needed.

The attributes are set to mandatory for this Shell Profile.

Regards

Hi Thomas,

Thanks for the reply. This is for a firewall gateway running IPSO, but how about the Security Management Server for Checkpoint?

Regards,

Marlon

Hi Marlon,

We use TACACS only to authenticate users against our Security Management Server, but for authorization there is a local user configured which refers to the TACACS user.

If you use Provider-1, look at page 54.

http://dl3.checkpoint.com/paid/53/CheckPoint_R65_Provider1_AdminGuide.pdf?HashKey=1344278626_b260a4b6b3969325ae6bb4fc12d66871&xtn=.pdf

In Cisco ACS, you configure an "Authorization Profile" and add only the Shell Profile "Permit Access".

Thomas

Hi Thomas,

Thanks for the reply, but I don't have enough privilege to access the link. Will you be able to share it?
