RADIUS servers used do not match across cluster members for Check Point


Check Point


Indeni will identify when two devices are part of a cluster and alert if the RADIUS servers they are using are different.

Remediation Steps

Review the RADIUS configuration on each device to ensure they match.

How does this work?

Parse the gaia configuration database in /config/active and retreive the currently configured RADIUS servers. It is also possible to list them using clish, but that generates a large amount of logs in /var/log/messages when done repeatedly.

Why is this important?

If the RADIUS servers are configured incorrectly, it might not be possible for an administrator to login to the device.

Without Indeni how would you find this?

An administrator could login and manually run the command.

View Source Code