
AD authentication for device management

Hi All,

Can we just use AD groups for Checkpoint gateways and management server authentication?

Do we need to have a full AAA server like RADIUS/TACACS for authentication?

Will we not be able to configure RBAC using AD groups, without an AAA server?

Please let me know.

Thanks,

Chandru

0 Kudos
7 Replies
Admin

Re: AD authentication for device management

Active Directory cannot be used to manage Check Point devices or authenticate via SmartConsole except when configuring specific features that require this.

Otherwise, you need to use RADIUS/TACACS+ (which, of course, could be backed by AD).

Employee+

Re: AD authentication for device management

Actually we started collecting requirements for management server authentication with AD.

You are welcome to contact me by mail.

Re: AD authentication for device management

Thanks Ron. Will contact you over email.

Re: AD authentication for device management

Hi Ron Izraeli. I realize this post is old, and wonder if the feature you mentioned (authenticating against AD) is now available? I am trying to plan and design the authentication for our CheckPoint Management Servers, which are all in Azure cloud. Any guidance is super appreciated!

Cheers,
@SharePointOscar

0 Kudos
Admin

Re: AD authentication for device management

Nothing has changed in this regard so far.

Ron Izraeli is collecting requirements for later releases, though.

Re: AD authentication for device management

Hi Dameon Welch Abernathy. Got a quick question for ya. I am trying to leverage any Azure capabilities that may help streamline setup of administrator accounts for the management servers we have.

As of now, I've set up VPN (P2S) to our hub vNET, which allows access to the Azure resources including those Management Servers. My VPN setup simply uses Certificates, so my root CA is stored in AzureVault. I plan to distribute a different client certificate for each user who will administer the CheckPoint Management servers.

However, I see that CheckPoint SmartConsole (which I assume uses the API) allows for creating an account and includes the ability to create a certificate for said user. My question is: can I import an existing user certificate created on KeyVault and map it to a given administrator account via the CLI? If so, what would that look like? I checked the API and only saw the ability to create an administrator account using password...

Any guidance is super appreciated,
@SharePointOscar

0 Kudos
Admin

Re: AD authentication for device management

You should ask this question in Developers (Code Hub).

Offhand, I'm not sure this is possible. 

0 Kudos