https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/78894#M6076 Identity Awareness is the solution, yes.<BR />You might be able to customize the portal by hacking the underlying code, but I don't think we provide any instructions for that. Thu, 19 Mar 2020 23:43:46 GMT PhoneBoy 2020-03-19T23:43:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/78685#M6053 <P>Hello,</P><P>&nbsp;</P><P>We are using FW version 80.10 and we have the HTTP client authentication page that has been customized with logo and background, these image have been configured by using links to another web server due to the page size limitation.</P><P>We tried to upgrade our gateway to the 80.30 but after that we dicovered that the checkpoint internal web server was using the feature "content security policy" by adding a setting into the header and the browsers block the image when loading the page.</P><P>Do you know if know the page size is still limited and if I can host the image from the checkpoint itself and where ?</P><P>Is there a way to change the internal web server setting in order to allow external src of image ? and where are the config file ?</P><P>Thanks for your help, I am searching for a while about this.</P><P>Nico</P> Wed, 18 Mar 2020 13:26:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/78685#M6053 nlegastelois 2020-03-18T13:26:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/78688#M6054 What precise reason are you still using Client Auth?<BR />We've deprecated this authentication method in R80.x and recommend using Identity Awareness, which does have its own Captive Portal. Wed, 18 Mar 2020 13:44:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/78688#M6054 PhoneBoy 2020-03-18T13:44:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/78690#M6055 <P>To be honest I don't know as the solution are in place for long time and I am trying to manage it now.</P><P data-unlink="true">We are accessing to the URL <A href="http://fw:900" target="_blank">http://fw:900</A>&nbsp; and we can enter our AD credential then it's linked to a radius with MFA. We are using this authentication for users that are connected to a global VPN and we have some part of our network with rules that need to identify the users.</P><P data-unlink="true">I found that the deamon is&nbsp;in.ahclientd and the web pages are in&nbsp;<SPAN>$FWDIR/conf/ahclientd.</SPAN></P><P data-unlink="true">I don't know if it is really User authentication ?</P><P data-unlink="true">Is it possible to replace by User awareness and how ?</P><P data-unlink="true">&nbsp;</P><P data-unlink="true">Thanks</P> Wed, 18 Mar 2020 14:01:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/78690#M6055 nlegastelois 2020-03-18T14:01:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/78838#M6074 <P>Hello,</P><P>other question if the identity awareness is the solution, is there a way to personalize the web site directly by changing the php code ?</P><P>&nbsp;</P><P>Thanks</P> Thu, 19 Mar 2020 17:11:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/78838#M6074 nlegastelois 2020-03-19T17:11:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/78894#M6076 Identity Awareness is the solution, yes.<BR />You might be able to customize the portal by hacking the underlying code, but I don't think we provide any instructions for that. Thu, 19 Mar 2020 23:43:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/78894#M6076 PhoneBoy 2020-03-19T23:43:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/113670#M15864 <P>Hi,</P><P>Sorry to refresh this topic but I am still looking for a way to customize the captive portal because the default possibilities are not sufficients.</P><P>Does someone already customized the portal by modifying the code ? Is that something that will follow the Checkpoit upgrades ?</P><P>Thank you for your help.</P><P>Nicolas</P> Tue, 16 Mar 2021 13:41:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/113670#M15864 nlegastelois 2021-03-16T13:41:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/113685#M15868 <P>The underlying code is in:&nbsp;<SPAN class="s1">/opt/CPUserCheckPortal/htdocs<BR />I think it's safe to say any modifications to this will NOT survive an upgrade or maybe even a JHF.</SPAN></P> Tue, 16 Mar 2021 15:30:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/customize-http-client-authentication-page/m-p/113685#M15868 PhoneBoy 2021-03-16T15:30:37Z