Regulatory Compliance
Check Point and RADIUS
To protect access to sensitive information, it is essential to properly authenticate all users connecting to the corporate network and to assign each user the proper privileges for access to resources and information. As such, user authentication is central to all regulatory requirements (HIPAA, SOX, etc.).
In a VPN environment, RADIUS can manage both user authentication and tunnel authorization. Users can launch their VPN client to build a tunnel to the corporate network from remote locations. The Check Point VPN-1 gateway on the enterprise network communicates with RADIUS to establish user credentials. After the user is authenticated and authorized, RADIUS can also provide VPN tunnel configuration details such as the encryption protocol and tunnel endpoint to use.
With RADIUS, enterprises can control user credentials from a central location. No reconfiguration of the VPN server is required as user access policies change. IT management costs are reduced and you have better visibility into who is connected to your network.
Businesses increasingly need to provide employees with easy and cost-effective mobile and remote access to corporate applications and resources. The need to ensure that only authorized users are granted access is mission critical. To provide true network security, the access method itself must be bulletproof, and controls must be put in place to manage the identity of the individual who is accessing network resources.
The integrated solution between Check Point's industry-leading VPN products and any RADIUS server enables customers to ensure that only properly authenticated users access the corporate LAN remotely. Integration with RADIUS enables administrators to run audits on user connections and tailor authorization and accounting controls. VPN-1 supports internal user groups and external user groups. Internal users are defined on the local database. VPN-1 can also work with groups of users defined on external authorization servers, such as LDAP, RADIUS and ACE servers. These external groups can be defined on LDAP and RADIUS. VPN-1 maps these external groups and associates them with authorization Policies.
VPN-1 authenticates users and user groups defined on the RADIUS server. VPN-1's RADIUS client then handles authentication and examines the specified RADIUS class to retrieve the user's groups. (The RADIUS attribute "class" holds the group name.) Once the RADIUS group has been retrieved, VPN-1 maps the RADIUS group to the appropriate VPN-1 group and applies a group Policy. The group Policy supplies access restrictions and a unique portal, with appropriate bookmarks for that user group.
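The Class-to-group mapping described above, sketched as an added example (not Check Point code): a RADIUS client checks the Response Authenticator defined in RFC 2865 before trusting any Class attribute, then maps the group name to a local policy. The group names, policy names, shared secret and the default-deny choice for unmapped groups are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RADIUS packet code (RFC 2865)
CLASS = 25          # RADIUS attribute type "Class" (RFC 2865)

# Hypothetical mapping of RADIUS group names to local group policies.
GROUP_POLICY = {"vpn-engineering": "eng-portal", "vpn-finance": "finance-portal"}


def build_accept(ident, req_auth, secret, classes):
    """Build a constructed Access-Accept carrying Class attributes (sample input)."""
    attrs = b"".join(bytes([CLASS, len(c) + 2]) + c for c in classes)
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(head + req_auth + attrs + secret).digest()
    return head + resp_auth + attrs


def groups_from_accept(packet, req_auth, secret):
    """Return Class values from an authenticated Access-Accept, else raise."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Accept")
    packet = packet[:length]            # octets past Length are padding
    attrs = packet[20:]
    # ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    expected = hashlib.md5(packet[:4] + req_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    groups, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs):
            raise ValueError("truncated attribute")
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("bad attribute length")
        if atype == CLASS:
            groups.append(attrs[i + 2:i + alen].decode("utf-8", "replace"))
        i += alen
    return groups


def policies_for(groups):
    """Map groups to policies; unmapped groups get no policy (default deny)."""
    return [GROUP_POLICY[g] for g in groups if g in GROUP_POLICY]
```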
VPN-1 integration with RADIUS highlights
- Stops identity, password, and data theft on remote endpoints
- Secure database of user credentials
- Protects internal resources from attacks from insecure endpoints
- Delivers authentication scalability
- Integrates with existing network and security infrastructure
RADIUS Partners
- InfoBlox - RADIUS One
- ActivCard - Activpack
- Aladdin - E-token
- Arcot Systems - Arcot for Check Point
- CryptoCard - CryptoADMIN
- Secure Computing - SafeWord
Check Point VPN-1 Pro
VPN-1 Pro, an integrated VPN-1 and FireWall-1 gateway, offers management capability, attack protection and traffic shaping technology. VPN-1 Pro utilizes INSPECT, the industry's most adaptive and intelligent inspection technology, to protect the privacy of business communications over the Internet while securing critical network resources against unauthorized access.
VPN-1 Pro is a tightly integrated software solution combining the market-leading FireWall-1 security suite with sophisticated VPN technologies. The cornerstone of Check Point's intelligent security solutions, VPN-1 Pro meets the demanding requirements of Internet, intranet and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners. VPN-1 Pro solutions are available on the industry's broadest range of platforms and security appliances, meeting the price/performance needs of organizations of any size.