How do I configure host authentication for VigilEnt Security Agent for VPN-1/Firewall-1? (NETIQKB30610)

  • 7730610
  • 02-Feb-2007
  • 07-Jul-2008

Resolution

goal
How do I configure host authentication for VigilEnt Security Agent for VPN-1/Firewall-1?

fact
VigilEnt Security Agent for VPN-1/Firewall-1

fact
VigilEnt Security Agent for VPN-1/Firewall-1 1.1

fact
VigilEnt Security Agent for VPN-1/Firewall-1 1.1.1

fix

Follow these steps if you are using host authentication (the default authentication method) and need to authenticate the agent with the management module.

  1. Authorize the agent. To do this, type the following command on the Check Point management module machine:

    fw putkey -opsec IP_ADDRESS

    Where IP_ADDRESS is the IP address of the agent machine.

  2. Type a secret key phrase and remember it. The secret key phrase can be any string of characters that you want, but keep it short and simple. You must duplicate the string of characters exactly to authenticate the agent machine.

  3. Authenticate the agent machine. To do this, navigate to the VSAF/bin directory on the agent machine (where VSAF is the product directory).

  4. Type the following command at the shell prompt:

    opsec_putkey -port fw IP_ADDRESS

    Where IP_ADDRESS is the IP address of the Check Point management module computer. Do not use the default 127.x.x.x. Always use a valid IP address.

  5. When you are prompted for the secret key phrase, type the same secret key phrase that you used in Step 2.

  6. Review the output text to verify that authentication initialized. If authentication fails, then remove all *.C files in the VSAF/bin directory (where VSAF is the product directory and the asterisk (*) is any file name). After removing the files, start again at Step 1 and repeat this entire task. If authentication fails again, contact NetIQ Technical Support.

note

The following examples of successful and failed authentication attempts assume the following parameters:

  • The IP address for the management module machine is 10.0.0.1.
  • The mnemonic for the management module machine is management-machine.com.


Successful Authentication

FireMon% opsec_putkey -port fw 10.0.0.1
Please enter secret key:
Please enter secret key again:
opsec: Received new control security key from 10.0.0.1
Authentication with 10.0.0.1 initialized.



Failed Authentication

FireMon% opsec_putkey -port fw 10.0.0.1
Please enter secret key:
Please enter secret key again:
Failed to initialize authentication with 10.0.0.1
Authentication with management-machine.com for command
fwn1_opsec failed.
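
The checks from Steps 4 and 6, as an added shell example that is not part of the original article or of the NetIQ product: it rejects 127.x.x.x addresses before opsec_putkey is run, classifies captured opsec_putkey output using the strings from the two sessions above, and lists the *.C files that Step 6 says to remove after a failure. The function names are hypothetical, and the example assumes the output lines match the samples above exactly.

```sh
#!/bin/sh
# Added example; function names are hypothetical. The matched strings are the
# ones in the sample sessions on this page.

# Step 4: accept only a dotted-quad IPv4 address outside 127.x.x.x.
valid_mgmt_ip() {
    case "$1" in
        127.*|''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets (function-local positional params)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Step 6: classify captured opsec_putkey output; a failure line wins.
putkey_status() {
    ip=$1 status=unknown
    while IFS= read -r line; do
        case "$line" in
            "Failed to initialize authentication with $ip") status=failed ;;
            "Authentication with $ip initialized.")
                [ "$status" = failed ] || status=initialized ;;
        esac
    done <<EOF
$2
EOF
    echo "$status"
}

# Step 6 recovery: list (do not delete) the *.C files to remove before retrying.
stale_key_files() {
    for f in "$1"/*.C; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Constructed inputs: the output lines from the two sessions shown above.
ok_out='opsec: Received new control security key from 10.0.0.1
Authentication with 10.0.0.1 initialized.'
fail_out='Failed to initialize authentication with 10.0.0.1
Authentication with management-machine.com for command
fwn1_opsec failed.'

valid_mgmt_ip 10.0.0.1 && echo "10.0.0.1: address accepted"
valid_mgmt_ip 127.0.0.1 || echo "127.0.0.1: rejected, use a valid address"
echo "success sample: $(putkey_status 10.0.0.1 "$ok_out")"
echo "failure sample: $(putkey_status 10.0.0.1 "$fail_out")"
```

A status of unknown means neither expected line was seen for that IP address, so review the output by hand as Step 6 describes.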



Additional Information

Formerly known as NETIQKB30610