Create a Post
Showing results for 
Search instead for 
Did you mean: 

RemoteAccess Users view password or export accounts

Hi everbody

I have some RemoteAccess users (30) authentified by "Check Point Password" on a Firewall. I need to create some same users (6) on another Firewall (not the same management). Is it possible to view in clear the 6 passwords or to export/import the 6 accounts (name/password).

Thank you for your help.


0 Kudos
4 Replies

You should be able to do it with dbedit with something like "show users username".

A hash of the password will be exported (not the clear text)--not sure if that can be imported into another system (haven't tried it yet).

0 Kudos

Well, This is how it looks on R77.30 (no hash, no plain-text password):

dbedit> print users admin

Object Name: admin
Object UID: {9813617A-70C8-4DF6-ADA6-A4BD87FCE69B}
Class Name: user
Table Name: users
Last Modified by: admin
Last Modified from: 
Last Modification time: Sun Sep 9 08:18:44 2018
Fields Details
accessible_from_smc: true
admin_expiration_base_data: admin (
expiration_date: 31-dec-2030
expiration_date_method: expire at
expiration_date_visual_notif: true
administrator: false
administrator_profile: NULL
auth_method: Internal Password
color: black
connection_state: uninitialized
creation_date: 8/27/2018
days: 127
destinations: Name: Any (Table: globals)
expiration_according_to_global_def: true
expiration_visual_indication_mgmt: true
fromhour: 00:00
generic_profile: false
generic_profile_settings: (
groups: Name: TESTING (Table: users)
internal_password: Sensitive Info Removed
name: admin
notdelete: false
radius_server: Name: Any (Table: globals)
sic_identifier: (
id_type: ip_addr
sources: Name: Any (Table: globals)
tacacs_server: Name: Any (Table: globals)
tohour: 23:59
type: user
use_fw_radius_if_exist: true
userc: (
FWZ: (
IKE: (
isakmp.authmethods: signatures SHA1
isakmp.encmethods: DES 3DES
isakmp.encryption: 3DES
isakmp.hashmethods: MD5 SHA1
isakmp.transform: ESP
accept_track: Name: Auth (Table: tracks)
use_global_encryption_values: true

And from GuiDBedit:

So the password (in hash), must be stored in some database.

Kind regards,
Jozko Mrkvicka
0 Kudos


The hashes for Remote Access users should be stored in following file:


The hashes (internal_password) are 13 characters long.

But maybe the better way how to accomplish your plan (to export users) is to use migrate export utility from management.

Kind regards,
Jozko Mrkvicka
0 Kudos


Thank you for the information about dbedit. If I use the migrate export utility how can I import the 6 users account only in the other Firewall ?



0 Kudos