Authentication with Firewall-1 NG with AI - Firewalls

This is a discussion on Authentication with Firewall-1 NG with AI - Firewalls ; Seems that S/Key authentication has been removed from the latest version of Firewall-1 (NG with Application Intelligence R55). We have lots of Linux and MacOSX users, SecuRemote only seems to be available for Window$. Found SecuRemote to be very flakey ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Authentication with Firewall-1 NG with AI

  1. Authentication with Firewall-1 NG with AI

    Seems that S/Key authentication has been removed from the latest version
    of Firewall-1 (NG with Application Intelligence R55).
    We have lots of Linux and MacOSX users, SecuRemote only seems to be available
    for Window$. Found SecuRemote to be very flakey software on Windows anyway.
    So how are people meant to authenticate securely.

    Michael

  2. Re: Authentication with Firewall-1 NG with AI

    There are 5 valid remaining authentication schemes.

    OS password...use LDAP for Windows or Novell authentication
    VPN-1/Firewall-1
    Secure ID
    TACACS
    RADIUS server

    "MichaelK" wrote in message
    news:bdf31434.0401251102.69b77a54@posting.google.c om...
    > Seems that S/Key authentication has been removed from the latest version
    > of Firewall-1 (NG with Application Intelligence R55).
    > We have lots of Linux and MacOSX users, SecuRemote only seems to be

    available
    > for Window$. Found SecuRemote to be very flakey software on Windows

    anyway.
    > So how are people meant to authenticate securely.
    >
    > Michael



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.564 / Virus Database: 356 - Release Date: 1/19/2004



  3. Re: Authentication with Firewall-1 NG with AI

    MichaelK wrote:
    > Seems that S/Key authentication has been removed from the latest version
    > of Firewall-1 (NG with Application Intelligence R55).
    > We have lots of Linux and MacOSX users, SecuRemote only seems to be available
    > for Window$.


    SecuRemote NG is available for Redhat 7.2 and 7.3--not sure if it will work
    with later versions of RedHat. You should be able to get FreeS/WAN to work
    with VPN-1. As for MacOS X, you can use third-party VPN clients like
    VaporSec or Equinux VPN Tracker.

    > Found SecuRemote to be very flakey software on Windows anyway.


    SecuRemote NG FP3 Build 53515 has worked great for us on Win2K/XP.

    > So how are people meant to authenticate securely.


    RSA SecurID or any other time-synchronization tokens that can be accessed via
    RADIUS/TACACS, e.g. Vasco? Client certificates (Entrust or internal CA)?

    --
    Jason Kau
    http://www.cnd.gatech.edu/~jkau

  4. Re: Authentication with Firewall-1 NG with AI

    Does anyone no when checkpoint expects to provide client authentication for
    ssh as well as telnet, ftp, http and https, and rlogin?

    Thanks.



    "Jason Kau" wrote in message
    news:bv331f$jap$1@news-int2.gatech.edu...
    > MichaelK wrote:
    > > Seems that S/Key authentication has been removed from the latest version
    > > of Firewall-1 (NG with Application Intelligence R55).
    > > We have lots of Linux and MacOSX users, SecuRemote only seems to be

    available
    > > for Window$.

    >
    > SecuRemote NG is available for Redhat 7.2 and 7.3--not sure if it will

    work
    > with later versions of RedHat. You should be able to get FreeS/WAN to

    work
    > with VPN-1. As for MacOS X, you can use third-party VPN clients like
    > VaporSec or Equinux VPN Tracker.
    >
    > > Found SecuRemote to be very flakey software on Windows anyway.

    >
    > SecuRemote NG FP3 Build 53515 has worked great for us on Win2K/XP.
    >
    > > So how are people meant to authenticate securely.

    >
    > RSA SecurID or any other time-synchronization tokens that can be accessed

    via
    > RADIUS/TACACS, e.g. Vasco? Client certificates (Entrust or internal CA)?
    >
    > --
    > Jason Kau
    > http://www.cnd.gatech.edu/~jkau




+ Reply to Thread