still not part of the R80.40 GUI?

R80.30  take 227 hasn't AES-128 and AES-256 Cipher, too.

@Tzvi_Katzyou said "will be integrated in the next releases" and that was more than four years ago. On which position on the roadmap is this feature? Just asking... 🙂

Thank you for your fast response. So we look forward to that release 🙂

Check Point has a solution that is something like from a  cheap software company. Nothing what I would expect of CP.

[Expert@gw:0]# pdp auth kerberos_encryption set RC4-HMAC-NT

Command: root->auth->kerberos_encryption->set

Please select one of:

policy

aes128-cts-hmac-sha1-96

aes256-cts-hmac-sha1-96

[Expert@gw:0]# pdp auth kerberos_encryption set aes128-cts-hmac-sha1-96

Kerberos encryption type is aes128-cts-hmac-sha1-96

*** You must push the policy for this change to take effect!

I have two domains and I'm not able to change the ciphers only for one domain. What a sh..

Hi,

I presume I'm missing something and not hit a quirk. Attempting to navigate to the Kerberos auto authentication portal yield the following error:

I set my user account, the AD integration account and the Kerberos SSO account to support Kerberos AES 256 bit encryption, ran 'pdp auth kerberos_encryption set aes256-cts-hmac-sha1-96' and then installed policy via SmartConsole.

Edit:

Appears to be working though, as I can:

• navigate to https://fwcp1.company.com/connect, to clear any existing identity associations
• navigate to http://neverssl.com, to initiate an authentication process redirect
• Logs confirm automated identity awareness association was done via Kerberos: