- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Re: Kerberos Authentication in Checkpoint cloudgua...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Kerberos Authentication in Checkpoint cloudguard R80.10
Hi Checkmates,
Currently we have local users for all the checkpoint GAiA and SmartConsole but we are planning to move it to a remote authentication servers. we already have Microsoft Azure AD domain services but looks this is not supported in checkpoint cloudguard R80.10
we also have Kerberos Authentication which I am not sure if that is supported in my version. Can you help me know this?
Many thanks in advance
Omin
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Correct
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For SmartConsole, you cannot do AD authentication directly, but you can indirectly with RADIUS.
Not sure how much of this applies to Azure AD, but: https://community.checkpoint.com/message/28853-re-active-directory-smart-console-administrator
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It means we only have one option that is RADIUS. NO Keberos, NO SAML, NO AD, NO TACACS, NO TACACS+ for SmartConsole.
And only RADIUS and TACACS+ for gateways. Am i right?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Correct
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Omin,
First of all, we do support TACACS authentication. You can find the documentation in the admin guide.
Regarding AD authentication, we have developed a solution that is currently offered in a limited availability due to some limitations that might apply to some of the customers.
In order to get this solution you can approach Check Point solution center. We recommend waiting for R80.30 but in case you need it on top of R80.20 we can also consider it.
Regarding Azure, we will need to evaluate it based on information about the topology and configuration, the best way to handle it would be submitting an RFE.
Thanks
Yaelle Harel | Group Manager
Check Point Software Technologies | Management Product