Hi,
I was playing with 802.1x once in the past. My setup was
- Cisco 29XX series switch
- Integrity server (configured as RADIUS proxy)
- MS IAS/DC server acting as RADIUS/AD server for
authenticating users
It took more than 30 seconds for the compliant client to
become part of the compliant production VLAN, which was too long
for me at that moment. The problem is in the architecture:
the Integrity client first needs IP connectivity with the Integrity
server for the compliancy checking process. This means that the
client is first associated with the quarantine VLAN (one DHCP
pool), checked with the Integrity server for compliancy
(heartbeat) and later moved to the production VLAN.
Cisco NAC is working much quicker on that level, because it
uses RADIUS for compliancy checking...
If someone else has different experiences, I'm interested
in info too.
Regards
Andrej
________________________________
From: Mailing list for discussion of Firewall-1 on behalf of
Michael Schwartzkopff
Sent: tor 9/26/2006 12:20
To: FW-1-MAILINGLIST AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Integrity anyone?
Hi,
Anyone using Integrity? Could you please share your
experiences.
How is 802.1x integration with Windows logon?
What technology does Integrity use for 802.1x integration?
RADIUS?
How does it scale (>> 1000 users)?
How is high availability: load sharing or round robin? How
does the client know what the "closest, fastest" Integrity
server is?
What OS is preferred for the server? Linux or Win?
What possibilities exist to have PCs with the Integrity
client and clientless PCs in the same net?
Thanks for hints.
Michael
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner ts.checkpoint.com
=================================================