This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dilian_Chernev
Collaborator
‎2017-07-17 04:59 AM

Is there a way to use two-factor authentication for SmartConsole and Gaia Web portal/SSH console?

Is there a way to use two-factor authentication for SmartDashboard and Gaia Web portal/SSH console? 

Some combination like cert+username/password or with Radius supporting OTP (One time passwords).

We have audit recommendations that all devices that manage access to PCI DSS network segments should have two-factor authentication.

Thanks

3 Replies
PhoneBoy
Admin
Admin
‎2017-07-17 09:02 AM

You can authenticate to SmartConsole with a certificate:

You can also define certificates for users as well (if both password and certificate are defined, both credentials are required to log in):

For the WebUI on Gaia OS, certificates cannot be used, but you can use a RADIUS/TACACS+ server that requires a one-time password for authentication.

Note that RADIUS/TACACS+ is also supported for SmartConsole authentication as well.

Dilian_Chernev
Collaborator
‎2017-07-17 11:35 PM
In response to PhoneBoy

Thank you Dameon!

I am aware of using certificates and password, but during my tests I was able to login only with one of the methods - password or certificate, no both of them.

Will try to build a test setup with RADIUS and OTP also. I am wondering is there a feature to display field for entering the OTP. 

0 Kudos
PhoneBoy
Admin
Admin
‎2017-07-18 07:04 AM
In response to Dilian_Chernev

There is only one field for entering a password, unfortunately.

If you want BOTH an OTP and a regular password, you may be able to set that up on the RADIUS server (similar to how SecurID does it). 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top