Resolution
How do I configure host authentication for VigilEnt Security Agent for VPN-1/Firewall-1?
fact
VigilEnt Security Agent for VPN-1/Firewall-1
fact
VigilEnt Security Agent for VPN-1/Firewall-1 1.1
fact
VigilEnt Security Agent for VPN-1/Firewall-1 1.1.1
fix
Follow these steps if you are using host authentication (the default authentication method) and need to authenticate the agent with the management module.
1. Authorize the agent. To do this, type the following command on the Check Point management module machine:
   fw putkey -opsec IP_ADDRESS
   Where IP_ADDRESS is the IP address of the agent machine.
2. Type a secret key phrase and remember it. The secret key phrase can be any string of characters that you want, but keep it short and simple. You must duplicate the string of characters exactly to authenticate the agent machine.
3. Authenticate the agent machine. To do this, navigate to the VSAF/bin directory on the agent machine (where VSAF is the product directory).
4. Type the following command at the shell prompt:
   opsec_putkey -port fw IP_ADDRESS
   Where IP_ADDRESS is the IP address of the Check Point management module computer. Do not use the default 127.x.x.x. Always use a valid IP address.
5. When you are prompted for the secret key phrase, type the same secret key phrase that you used in Step 2.
6. Review the output text to verify that authentication initialized. If authentication fails, remove all *.C files in the VSAF/bin directory (where VSAF is the product directory and the asterisk (*) is any file name). After removing the files, start again at Step 1 and repeat this entire task. If authentication fails again, contact NetIQ Technical Support.
note
The following examples of successful and failed authentication attempts assume the following parameters:
- The IP address for the management module machine is 10.0.0.1.
- The mnemonic for the management module machine is management-machine.com.
Successful Authentication
FireMon% opsec_putkey -port fw 10.0.0.1
Please enter secret key:
Please enter secret key again:
opsec: Received new control security key from 10.0.0.1
Authentication with 10.0.0.1 initialized.
Failed Authentication
FireMon% opsec_putkey -port fw 10.0.0.1
Please enter secret key:
Please enter secret key again:
Failed to initialize authentication with 10.0.0.1
Authentication with management-machine.com for command
fwn1_opsec failed.
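A check for the opsec_putkey step and the output review that follows it, added here as an example (not NetIQ or Check Point code): it rejects a loopback or malformed management module address and classifies a captured transcript. The function names valid_mgmt_ip, putkey_result and check_putkey are hypothetical, and the sample transcripts are the output lines of the two sessions above with the prompt lines omitted.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of the product.

# valid_mgmt_ip ADDR: true only for a dotted-quad IPv4 address outside
# 127.0.0.0/8 (the procedure says never to use 127.x.x.x).
valid_mgmt_ip() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$1" -ne 127 ]
}

# putkey_result IP TRANSCRIPT: print initialized, failed or unknown,
# matching the two message forms shown in the page's sample sessions.
putkey_result() {
    case "$2" in
        *"Failed to initialize authentication with $1"*) echo failed ;;
        *"Authentication with $1 initialized."*) echo initialized ;;
        *) echo unknown ;;
    esac
}

# check_putkey IP TRANSCRIPT: validate the address, then report the result.
# Returns 0 when initialized, 2 for a bad address, 1 otherwise.
check_putkey() {
    valid_mgmt_ip "$1" || { echo "$1: not a usable address"; return 2; }
    result=$(putkey_result "$1" "$2")
    echo "$1: $result"
    [ "$result" = failed ] &&
        echo "remove the *.C files in VSAF/bin, then restart at Step 1"
    [ "$result" = initialized ]
}

# Output lines from the page's two sample sessions (prompts omitted).
SAMPLE_OK='opsec: Received new control security key from 10.0.0.1
Authentication with 10.0.0.1 initialized.'
SAMPLE_FAIL='Failed to initialize authentication with 10.0.0.1
Authentication with management-machine.com for command
fwn1_opsec failed.'

check_putkey 10.0.0.1 "$SAMPLE_OK"
check_putkey 10.0.0.1 "$SAMPLE_FAIL" || true
check_putkey 127.0.0.1 "$SAMPLE_OK" || true
```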