I'm using CPPM as a RADIUS Authentication source for management of our Cisco ASA firewalls.
I have a service which makes a RADIUS call to a one-time-password provider (SafeNet) and couples the response with AD-group membership to determine authentication/authorization.
For the routed firewall, this works perfectly.
The other firewall is transparent, and Cisco doesn't support their GUI (Java application) login with OTP in transparent mode - the GUI authenticates 28 times just to get started!
I'm thinking it would be really neat if CPPM could remember that I'd just been authenticated from my IP address to the firewall just seconds ago and simply re-authorize me rather than re-submit the RADIUS call to the OTP provider for each of the 28 requests. Something like caching for 60 seconds a particular host IP/NAS IP authentication result.
Anyone have a better idea? Or think this one is possible?
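
The caching idea in the post, sketched as an added example (not ClearPass configuration or API, and not code from the poster): a successful OTP check is remembered for 60 seconds per client IP and NAS IP, so a burst of 28 requests triggers one call to the OTP provider. All names are hypothetical, `verify_otp` stands in for the RADIUS call to the OTP provider, and adding the username to the cache key is an assumption beyond the host IP/NAS IP pair the post mentions.

```python
import time

class OtpResultCache:
    """Remembers an accepted OTP check per (user, client IP, NAS IP) for a short TTL."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock
        self._accepted = {}  # (user, client_ip, nas_ip) -> expiry timestamp

    def authenticate(self, user, client_ip, nas_ip, otp, verify_otp):
        key = (user, client_ip, nas_ip)
        now = self.clock()
        # Drop expired entries so the cache never outlives the TTL.
        self._accepted = {k: exp for k, exp in self._accepted.items() if exp > now}
        if key in self._accepted:
            # Fixed window: a cache hit does not extend the expiry, so the
            # GUI's repeated requests cannot keep the entry alive forever.
            return "accept-cached"
        if verify_otp(user, otp):
            self._accepted[key] = now + self.ttl
            return "accept"
        return "reject"  # rejects are never cached


def simulate_gui_login(request_count=28, spacing=0.5):
    """Constructed scenario: one admin host sends a burst of requests via one NAS."""
    now = [0.0]
    calls = []

    def fake_verify(user, otp):
        # Hypothetical stand-in for the OTP provider: the code is valid once only.
        calls.append(user)
        return otp == "123456" and len(calls) == 1

    cache = OtpResultCache(ttl_seconds=60, clock=lambda: now[0])
    results = []
    for _ in range(request_count):
        results.append(
            cache.authenticate("admin1", "10.0.0.5", "10.0.0.1", "123456", fake_verify)
        )
        now[0] += spacing
    return results, len(calls)


if __name__ == "__main__":
    results, provider_calls = simulate_gui_login()
    print(results[0], results.count("accept-cached"), provider_calls)
```

Within the window, anything arriving from the same client IP under the same username is accepted without a fresh OTP, so the TTL is the exposure to size against hosts that share an address (NAT, jump hosts).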