Check Point integration - RADIUS


Requirements

  • Buypass Code Service Connector is installed and can communicate with the LDAP server on TCP port 389 (LDAP).
  • A service account for LDAP queries is created.


Configure Buypass Code Manager

Log on to Buypass Code Manager with your admin account.

https://www.buypass.no/bpcode/merchants/YOURMERCHANTCODE/logon 


Configure the LDAP server and LDAP path in the menu Configuration → LDAP

LDAP path(s):

Several LDAP paths can be added. For recursive search, add (*) after the DC= component, e.g. dc=local(*).


Add RADIUS client configuration (Configuration → RADIUS → New configuration)


Log on to Check Point SmartDashboard


Add a new Host for the Buypass Code Service Connector


Type host name, IP address and description. Click OK.


Click "Servers and OPSEC Applications" (1). Right-click RADIUS and choose New RADIUS (2).


Enter Name and Comment, choose the Host from P.6, choose the service "UDP NEW-RADIUS", type in the shared secret from P.4, choose RADIUS Ver. 2.0 and PAP or CHAP. Click OK.


There are several ways to configure VPN user access in Check Point. Users can be authenticated directly on Check Point, via LDAP with AD, via SecurID or via RADIUS. We will configure Check Point to authenticate users with RADIUS and Buypass Code.

Browse to Manage → Users and Administrators → New → External User Profile → Match all users. This creates the user "generic".


Enter Comment, choose RADIUS as "Authentication Scheme" and choose the BPC RADIUS server configured in P.8. Click OK.


Create a new VPN group (User Group)


Enter the group name. Add "generic*" to "Selected members". Click OK.


Click VPN Communities, right-click Remote Access, choose Participating Gateways and add the Check Point firewall object.


Click Participant User Groups and add the group created in P.12. Click OK twice.


Create a firewall rule (if necessary) to allow UDP/1812 (new-radius) traffic from the firewall to the Buypass Code Service Connector.
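Before installing policy, it is useful to confirm that the Service Connector actually answers RADIUS on UDP/1812 with the shared secret from P.4. The script below is an added example, not part of the original guide or of Buypass or Check Point software: it builds an RFC 2865 Access-Request with PAP (the OTP goes in User-Password), sends it to the connector and validates the Response Authenticator of the reply, so a forged or mis-keyed answer is not mistaken for an Access-Accept. Host, shared secret, user name, OTP and NAS IP are assumed values you must replace.

```python
import hashlib
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4  # RADIUS attribute type codes

def attribute(atype, value):  # Type, Length (header included), Value
    return struct.pack("!BB", atype, len(value) + 2) + value

def pap_encrypt(password, secret, authenticator):
    """RFC 2865 5.2: zero-pad to 16-byte blocks, XOR each block with MD5(secret + previous block)."""
    password += b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(password), 16):
        prev = bytes(a ^ b for a, b in zip(password[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out

def build_access_request(username, otp, secret, nas_ip, ident, authenticator):
    """Access-Request carrying User-Name, PAP-encrypted User-Password (the OTP) and NAS-IP-Address."""
    attrs = (attribute(USER_NAME, username.encode())
             + attribute(USER_PASSWORD, pap_encrypt(otp.encode(), secret, authenticator))
             + attribute(NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def response_authenticator(header, request_authenticator, attrs, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(header + request_authenticator + attrs + secret).digest()

def check_response(reply, ident, request_authenticator, secret):
    """True for an authentic Access-Accept, False for Access-Reject, None if the reply fails validation."""
    if len(reply) < 20 or reply[1] != ident:
        return None
    length = struct.unpack("!H", reply[2:4])[0]
    if response_authenticator(reply[:4], request_authenticator, reply[20:length], secret) != reply[4:20]:
        return None
    return {ACCESS_ACCEPT: True, ACCESS_REJECT: False}.get(reply[0])

def radius_pap_check(host, secret, username, otp, nas_ip, port=1812, timeout=5.0):
    """Send one PAP Access-Request to the Service Connector on UDP/1812 and validate the reply."""
    ident, authenticator = os.urandom(1)[0], os.urandom(16)  # fresh per request, as the RFC requires
    request = build_access_request(username, otp, secret, nas_ip, ident, authenticator)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        reply, _ = sock.recvfrom(4096)
    return check_response(reply, ident, authenticator, secret)
```

Run it as `radius_pap_check("connector.example.local", b"shared-secret-from-P4", "alice", "123456", "10.0.0.1")`; each run consumes one OTP, and the logon attempt then shows up in Buypass Code Manager like any other.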


Install Policy


Configure the Check Point client to use RADIUS for logon (Sites → Properties → Settings)

Choose "Username and Password" for "Authentication Method".


Enter the username and the OTP (One Time Password) from the Buypass Code app. Click Connect.


VPN is connected.


Logon activity can be tracked in Buypass Code Manager.
