We have a Checkpoint Firewall using ACS for authentication with the RADIUS protocol.
We have two ACS servers configured as primary and secondary on the Checkpoint. Both ACS servers are configured to use AD as the external database.
Checkpoint is forwarding the authentication request to the primary ACS server. The primary ACS server receives the request and keeps trying to authenticate with AD. For some reason, the authentication is failing. Please check the attached failed login attempt log. ACS tries the authentication many times, and hence the user's account is being locked out in AD.
Meanwhile, Checkpoint does not receive any response from the primary ACS server, so it goes to the secondary ACS server. Checkpoint is able to authenticate with the secondary ACS server.
To add more information to the case, the primary ACS server is successfully authenticating requests from wireless access points for the same user accounts.
The External Database configuration on both ACS servers looks the same.
Please let me know what could be the problem and why the primary ACS server is not authenticating requests from Checkpoint, while it can authenticate requests from wireless access points.
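One way to test each ACS server independently, the way the firewall's RADIUS client does, is a single-shot RADIUS PAP probe. The script below is an added example and is not code from the original post, from Check Point or from Cisco ACS. It builds one RFC 2865 Access-Request (PAP password obfuscation, TLV attributes), sends it once with a timeout and no client-side retransmits, verifies the Response Authenticator so a reply under the wrong secret is not mistaken for an answer, and reports accept, reject, challenge or timeout. That separates "the primary never answers" from "the primary rejects", which is the distinction the question turns on. Server addresses, port, shared secret, username, password and the NAS-Identifier string are assumptions.

```python
"""Single-shot RADIUS PAP probe (RFC 2865).  Added example, not code from the
original post, Check Point or Cisco ACS.  Server addresses, port, shared
secret, credentials and the NAS-Identifier value below are assumptions."""
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IDENTIFIER = 1, 2, 32


def encrypt_pap_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: pad to a 16-byte multiple, then XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ b for p, b in zip(padded[i:i + 16], block))
        out += prev
    return out


def decrypt_pap_password(encrypted: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of encrypt_pap_password (what the RADIUS server does before the AD bind)."""
    out, prev = b"", authenticator
    for i in range(0, len(encrypted), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = encrypted[i:i + 16]
        out += bytes(c ^ b for c, b in zip(prev, block))
    return out.rstrip(b"\x00")


def build_access_request(identifier: int, username: str, password: str,
                         secret: bytes, authenticator: bytes = b"") -> bytes:
    """Code(1) Identifier(1) Length(2) Authenticator(16) followed by TLV attributes."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for atype, value in ((ATTR_USER_NAME, username.encode()),
                         (ATTR_USER_PASSWORD, encrypt_pap_password(password.encode(), secret, authenticator)),
                         (ATTR_NAS_IDENTIFIER, b"radius-probe")):  # NAS-Identifier value is assumed
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs


def parse_packet(data: bytes):
    """Return (code, identifier, authenticator, {attr_type: [values]}) or raise on a malformed packet."""
    code, identifier, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(atype, []).append(data[pos + 2:pos + alen])
        pos += alen
    return code, identifier, data[4:20], attrs


def build_response(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Server side: ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return header + hashlib.md5(header + request[4:20] + attrs + secret).digest() + attrs


def classify_response(response: bytes, request: bytes, secret: bytes) -> str:
    """Client side: ignore replies whose Identifier is not ours or whose
    Response Authenticator does not verify under the shared secret."""
    if len(response) < 20 or response[1] != request[1]:
        return "unexpected"
    code, _, length = struct.unpack("!BBH", response[:4])
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:length] + secret).digest()
    if not hmac.compare_digest(expected, response[4:20]):
        return "bad-authenticator"
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject",
            ACCESS_CHALLENGE: "challenge"}.get(code, "unknown")


def probe(server: str, secret: bytes, username: str, password: str,
          port: int = 1812, timeout: float = 5.0) -> str:
    """Send exactly one Access-Request (no client-side retransmits) and report
    accept / reject / challenge / timeout, so each server is tested on its own."""
    request = build_access_request(os.urandom(1)[0], username, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, port))
        try:
            response, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    return classify_response(response, request, secret)


if __name__ == "__main__":
    # Assumed addresses and secret: replace with the ACS servers and the secret
    # configured on the Check Point RADIUS server objects.
    for name, host in (("primary", "192.0.2.10"), ("secondary", "192.0.2.11")):
        print(name, probe(host, b"shared-secret", "jdoe", "Passw0rd!"))
```

Run it against the primary and the secondary with the same secret and credentials the firewall uses, from a host that can reach both. A timeout from the primary while the secondary answers points at the primary (or the path to it) rather than at the firewall; a reject from the primary means it did answer and the failure is on the AD side. Each probe is one authentication attempt as far as the ACS and AD are concerned, so use a known-good password and do not loop it against an account that is already close to its lockout threshold. The example is PAP-only and adds no Message-Authenticator attribute, and the RFC 2865 password obfuscation is MD5-based, so treat it as a diagnostic for a trusted management network, not as a production client.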