Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Admin_CheckPoin
Participant
Jump to solution

How to change password of "admin" of SmartConsole?

We have bought some Check Point firewalls through a subcontractor who also set up the SmartConsole R80.10 for us.

We would like to change the default password of the "admin" account but we don't know the steps.  Please help.

1 Solution

Accepted Solutions
AlekseiShelepov
Advisor

A good place to start searching any solution for Check Point is Support Center.

Changing master administrator password for SmartConsole applications 

In R80.x SmartConsole, this can be done in Manage & Settings -> Permissions & Administrators -> Advanced -> Check Point Password.

View solution in original post

(1)
19 Replies
AlekseiShelepov
Advisor

A good place to start searching any solution for Check Point is Support Center.

Changing master administrator password for SmartConsole applications 

In R80.x SmartConsole, this can be done in Manage & Settings -> Permissions & Administrators -> Advanced -> Check Point Password.

(1)
Admin_CheckPoin
Participant

Hi Aleksei,

I went to the indicated place but the button is greyed out:

The "Change" button is greyed out

What can I do?

Vladimir
Champion
Champion

Another possibility:

So long as your CP admin account was configured to use Gaia's admin, execute "set user admin password" in clish on your management server, where "admin" is the name of your administrative account on Gaia.

0 Kudos
Admin_CheckPoin
Participant

Hi Vladimir,

Thanks for your reply, but, well, I have to say that I don't understand any word of what you've written 😕

Long story short, our subcontractor did not give us any training on how to use the firewall and SmartConsole.  We have bought a support & maintenance plan with them.  And when I opened a support ticket with them to say that we want to change admin password, they didn't clearly tell us how to do it.  They merely "pointed" us to read the manual at https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm !!!

And they added that we could ask the question in this forum.

We are very unsatisfied by their service, or should I say "lack of service"

_Val_
Admin
Admin

I do not think blaming support for lack of basic skills with the product is fair. Also, configuration change does not qualify as support issue. The answer you received is adequate and goes even beyond your support contract.

To help you out, some more information is required.

1. SmartConsole can be used by multiple users. Which account password do you want to change?

2. When configuring R80.10 Management machine, what has been set for the default admin account? Are the credentials of "admin" account reused to access SmartConsole?

If the answer to p. 2 is yes, you may want to change Gaia OS admin password as well. Vladimir Yakovlev‌ has already told you how to do that. You need to:

a. open ssh session to the machine and login as admin.

b. run the mentioned command: set user admin password - and change the password.

c. after changing password run "save config" and exit ssh session.

That will change both OS and GUI admin password. 

In general, please consider taking some courses on Check Point products. Standard CCSA R80.10 course will help you enormously.

0 Kudos
(1)
Admin_CheckPoin
Participant

Valeri Loukine wrote:

I do not think blaming support for lack of basic skills with the product is fair. Also, configuration change does not qualify as support issue. The answer you received is adequate and goes even beyond your support contract.

 

<deleted>

It is very fair!

You wrote so because you don't have all the information.

Actually, it was written in the contract that they had to:
1) ensure "knowledge transfer", ie they were paid to teach us some minimum knowledge that would let us do some basic things
2) write a documentation of what they had done

But at the end, they were "late on the planning" because they didn't organized thing correctly, and they had to "skip" the knowledge transfer.  And the documentation?  We had to urge five or six times to have the "draft version"!

Anyway, after attending the CheckPoint workshop, things are a lot clearer for me.  Now I understood what some of you were saying.  However, the employed language is not rigorous enough to make people understand and this problem comes from Check Point itself.

(1)
_Val_
Admin
Admin

Okay, I see there is a misunderstanding here.

You are obviously talking of your counterpart that sold you Check Point. In this regard, yes, I agree with you, they should complete all contractual obligations as written there. If knowledge transfer and documentation were promised and not delivered, do whatever you have to do, to get them done.

Now, earlier you wrote: "We have bought a support & maintenance plan with them. And when I opened a support ticket with them to say that we want to change admin password, they didn't clearly tell us how to do it.  They merely "pointed" us to read the manual..."

I took it as you are blaming Check Point TAC for not helping you with the configuration. If that was indeed the case, please read your maintenance contract carefully. If that was not the case, and you are still talking about your third party seller, I am with you.

Finally, to make your journey with Check Point less frustrating, please take a look on our CP4B section, where we are posting quite a few entry level materials for engineers only starting to grasp Check Point solutions and tools. Here is the link to the list of currently posted materials: https://community.checkpoint.com/thread/9695-welcome-to-check-point-for-beginners 

Hope that will help. If not, read the manuals and ask CheckMates

0 Kudos
(1)
PhoneBoy
Admin
Admin

On your management server, when logged into the CLI, try typing cpconfig.

[Expert@MGMT:0]# cpconfig
This program will let you re-configure
your Check Point Security Management Server configuration.
Configuration Options:
----------------------
(1)  Licenses and contracts
(2)  Administrator
(3)  GUI Clients
(4)  SNMP Extension
(5)  Random Pool
(6)  Certificate Authority
(7)  Certificate's Fingerprint
(8)  Automatic start of Check Point Products
(9) Exit

Enter your choice (1-9) :

Choose Option 2 and follow the prompts to create a user with the desired username and password.

I recommend choosing a name other than "admin" Smiley Happy

Then go into SmartConsole with that user/password. 

_Val_
Admin
Admin

That's all ONLY if they do not need to change OS password as well. I bet they do

0 Kudos
PhoneBoy
Admin
Admin

Possible, but let's make sure we give them all the options Smiley Happy

0 Kudos
_Val_
Admin
Admin

I'd rather check what's the actual goal before overwhelming him with options

0 Kudos
PointOfChecking
Collaborator

Hi PhoneBoy,

 

In R81.20, there's no option to create a new admin, just to delete the "admin" account.  Has this changed in R81.20, or am I missing something?

 

0 Kudos
PhoneBoy
Admin
Admin

I believe cpconfig only allows you to create ONE administrator.
The others should be created via SmartConsole.

0 Kudos
PointOfChecking
Collaborator

Ah! So I won't see the create admin option, until after I delete the existing admin.  Got it!

 

BTW, for my solution/problem.  After I changed the password using the WebUI, I just waited about an hour or 2 and the password synced to the SmartConsole admin.  I spoke with TAC and they said the 2 are separate and aren't related, so no idea how that worked.

BUT I have a suggestion, when the password expires on SmartConsole, shouldn't there just be a "your password expired, set a new one and log back in"?  Why do I need to use another admin account to unlock/reset password for my admin account.  As I am the only admin, there is no other admin account I can use to unlock it.

I guess I am lucky that somehow, my WebUI password synced with my SmartConsole password.

 

 

0 Kudos
PhoneBoy
Admin
Admin

If you always want to use your Gaia password with your admin password, change the Authentication method for the admin user to OS Password:

image.png

(1)
PointOfChecking
Collaborator

A star as usual PhoneBoy!

0 Kudos
Hugo_vd_Kooij
Advisor

Going more to the root issue. Did you follow any training? As I would strongly suggest you follow the CCSA training. A lot of things are covered in that course that you may not yet be familiar with.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Admin_CheckPoin
Participant

First, thanks to all for your replies.

It's a certainty that I lack basic knowledge in Check Point and I can only understand half of your replies.  I don't want to fill the other half with guess, speculation and extrapolation.  That might lead to totally wrong interpretation.

I've subscribed to a Check Point workshop two weeks later.  I'll come back to this discussion later.

0 Kudos
_Val_
Admin
Admin

The best decision, good luck with that.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events