In my previous post I demonstrated how to configure Check Point GAIA OS for RADIUS authentication. In this post I will show how to configure Check Point SmartDashboard for RADIUS authentication.
First we will have to configure a RADIUS client, on the NPS, for the Security Management server:
Open the NPS console
Click on RADIUS Clients and Servers
Right click on RADIUS Clients and select New
Type in the name of the device
Type in the IP address of the device. Note that this is the IP address that the device will use to reach the RADIUS server, according to the routing table, FW policy, NAT etc.
Type in a shared secret
Click on the Advanced tab and, under Vendor name, make sure you select RADIUS Standard
Click OK
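The NPS steps above can also be scripted. The following is an added example, not part of the original post: it creates the same RADIUS client with the NPS PowerShell module and generates a random shared secret instead of a hand-typed one. The client name and IP address are placeholders (assumptions), and the secret length is an assumption you may need to shorten if the device's shared-secret field enforces a limit.

```powershell
# Added example: scripted equivalent of the NPS GUI steps above.
# Run in an elevated PowerShell session on the NPS server.
Import-Module NPS

# Placeholder values (assumptions) - replace with your own.
$ClientName    = 'CP-SecurityManagement'
# Source IP the management server uses to reach NPS (after routing/NAT).
$ClientAddress = '192.0.2.10'

# Generate 16 random bytes from a cryptographic RNG and hex-encode them,
# giving a 32-character shared secret with 128 bits of entropy.
$bytes = New-Object byte[] 16
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try     { $rng.GetBytes($bytes) }
finally { $rng.Dispose() }
$SharedSecret = ([System.BitConverter]::ToString($bytes) -replace '-', '')

# Refuse to continue if a client with the same name or address already
# exists, so an existing shared secret is never silently replaced.
$existing = Get-NpsRadiusClient |
    Where-Object { $_.Name -eq $ClientName -or $_.Address -eq $ClientAddress }
if ($existing) {
    throw "A RADIUS client named '$ClientName' or with address $ClientAddress already exists."
}

# Create the client with the vendor set to RADIUS Standard, as in the GUI steps.
New-NpsRadiusClient -Name $ClientName `
                    -Address $ClientAddress `
                    -SharedSecret $SharedSecret `
                    -VendorName 'RADIUS Standard' | Out-Null

# Show the result and print the secret once, so it can be entered in
# SmartDashboard and stored in a password vault.
Get-NpsRadiusClient |
    Where-Object { $_.Name -eq $ClientName } |
    Select-Object Name, Address, VendorName, Enabled
Write-Output "Shared secret (enter the same value in SmartDashboard): $SharedSecret"
```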
Now let’s configure Check Point SmartDashboard
Log in to SmartDashboard, and on the object menu select Servers and OPSEC
Click on the ‘+’ sign next to Servers, right click on RADIUS and click on New RADIUS
Type in the server name, select the host (create a new object for this server if necessary) and type in the shared secret (the one that we configured on the NPS server)
Click OK
Now right click on RADIUS Group and select New RADIUS Group
Type in the group name and add the newly created RADIUS server to this group
Click OK
You will probably configure more than one RADIUS server, so it’s easier to work with a group object rather than with single objects.
Click on Users and Administrators, right click on Administrators and click on New Administrator
For each user that you want to allow to log in to SmartDashboard using their AD account, you will have to configure an administrator account with the appropriate permission profile in SmartDashboard.
On the General Properties page, type in the login username, exactly as it appears in the AD, under User Name and select the required permission profile.
Note that the permission profile allows you to assign the required access permissions per account, and you can configure new profiles with more granular permissions.
Select Authentication, choose RADIUS as the Authentication Scheme and select the newly created RADIUS group.
Click OK
Now log out of SmartDashboard and try your new settings by logging in with your AD account.
After you have managed to log in to SmartDashboard with your AD account, I highly recommend changing the admin password to something very complex and hard, keeping it in a password vault and never using it again unless needed.
This can be done by logging in to SmartDashboard with the admin account, clicking on the tool menu, selecting Manage and clicking on Change My Password…