- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
In R77.30 I can get a hotfix to Support Kerberos Authentication on the Identity Agent for AD SSO using AES-128 and AES-256 Cipher suites. The only suites available in SmartConsole are currently RC4-HMAC-NT which is obsolete and DES-CBC-MD5/CRC.
Hi,
The HF was integrated to R80.10 GW , but the setup will remain similar to the HF in R77.30 from CLI, the setting from SmartConsole support will be integrated in the next releases.
Well, the next release is R81.10 and according to @Royi_Priov - this is part of the release.
Hi,
The HF was integrated to R80.10 GW , but the setup will remain similar to the HF in R77.30 from CLI, the setting from SmartConsole support will be integrated in the next releases.
still not part of the R80.40 GUI?
R80.30 take 227 hasn't AES-128 and AES-256 Cipher, too.
@Tzvi_Katzyou said "will be integrated in the next releases" and that was more than four years ago. On which position on the roadmap is this feature? Just asking... 🙂
Well, the next release is R81.10 and according to @Royi_Priov - this is part of the release.
Thank you for your fast response. So we look forward to that release 🙂
still nothing in R81 ? 😞
Check Point has a solution that is something like from a cheap software company. Nothing what I would expect of CP.
[Expert@gw:0]# pdp auth kerberos_encryption set RC4-HMAC-NT
Command: root->auth->kerberos_encryption->set
Please select one of:
policy
aes128-cts-hmac-sha1-96
aes256-cts-hmac-sha1-96
[Expert@gw:0]# pdp auth kerberos_encryption set aes128-cts-hmac-sha1-96
Kerberos encryption type is aes128-cts-hmac-sha1-96
*** You must push the policy for this change to take effect!
I have two domains and I'm not able to change the ciphers only for one domain. What a sh..
Hi,
I presume I'm missing something and not hit a quirk. Attempting to navigate to the Kerberos auto authentication portal yield the following error:
I set my user account, the AD integration account and the Kerberos SSO account to support Kerberos AES 256 bit encryption, ran 'pdp auth kerberos_encryption set aes256-cts-hmac-sha1-96' and then installed policy via SmartConsole.
Edit:
Appears to be working though, as I can:
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY