This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chandhrasekar_S
Collaborator
‎2017-12-04 08:37 AM

AD authentication for device management

Hi All,

Can we just use AD groups for Checkpoint gateways and management server authentication

Do we need to have a Full AAA server like RADIUS/TACACS for authentication

Will we not be able to configure RBAC using AD groups, without AAA server.

Please let me know

Thanks,

Chandru

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2017-12-04 09:39 PM

Active Directory cannot be used to manage Check Point devices or authenticate via SmartConsole except when configuring specific features that require this.

Otherwise, you need to use a RADIUS/TACACS+ (which of course, could be backed by AD).

Ron_Izraeli
Employee
Employee
‎2017-12-05 06:00 AM

Actually we started collecting requirements for management server authentication with AD.

You are welcome to contact me by mail.

Chandhrasekar_S
Collaborator
‎2017-12-06 11:19 AM
In response to Ron_Izraeli

Thanks Ron. Will contact you over email

Oscar_Medina1
Contributor
‎2018-07-12 10:36 AM
In response to Ron_Izraeli

Hi Ron Izraeli‌ . I realize this post is old, and wonder if the feature you mentioned (authenticating against AD) is now available?  I am trying to plan and design the authentication for our CheckPoint Management Servers which are all in Azure cloud.  Any guidance is super appreciated!

Cheers,
@SharePointOscar

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-13 02:55 AM
In response to Oscar_Medina1

Nothing has changed in this regard so far.

Ron Izraeli‌ is collecting requirements for later releases, though.

Oscar_Medina1
Contributor
‎2018-07-23 10:28 AM
In response to PhoneBoy

Hi Dameon Welch Abernathy‌ . Got a quick question for ya. I am trying to leverage any Azure capabilities that may help streamline setup of administrator accounts for the management servers we have.

As of now, I've setup VPN (P2S) to our hub vNET which allows access to the Azure resources including those Management Servers.  My VPN setup simply uses Certificates, so my root CA is stored in AzureVault.  I plan to distribute a different client certificate for each user who will administer the CheckPoint Management servers. 

However, I see that CheckPoint SmartConsole (which I assume uses the API) allows for creating an account and includes the ability to create a certificate for said user.  My question is; can I import an existing user certificate created on KeyVault and map it to a given administrator account via the CLI, if so, what would that look like?  I checked the API and only saw the ability to create an administrator account using password...

Any guidance is super appreciated,
@SharePointOscar

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-23 10:56 AM
In response to Oscar_Medina1

You should ask this question in Developers (Code Hub)‌.

Offhand, I'm not sure this is possible. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top