This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AleLovaz82
Collaborator
Collaborator
‎2025-03-17 03:46 AM

Change password with "Checkpoint Password"

Hi, 

a dumb question : some of my vpn user still use local user with Checkpoint Password as auth method, is possible to make them change their password by themself without contacting firewall administrator ?

Thx in advance


0 Kudos
11 Replies
the_rock
MVP Platinum
MVP Platinum
‎2025-03-17 05:20 AM

Thats valid question. See attached. Min is 8 characters.

Andy

Best,
Andy
Preview file
224 KB
0 Kudos
AleLovaz82
Collaborator
Collaborator
‎2025-03-17 05:27 AM
In response to the_rock

Andy in that way a user that doesn't have a smart console account can't manage his own password,that operation can be done only by smart console user

I have a lot of vpn user that use only vpn but don't need to access the smart console.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-03-17 05:28 AM
In response to AleLovaz82

Sorry, maybe I misunderstood. Is it local CP user? If not, what sort of account is it?

Andy

Best,
Andy
0 Kudos
AleLovaz82
Collaborator
Collaborator
‎2025-03-17 06:04 AM
In response to the_rock

it's a simple local user created on smart console used into a local user group ,used into an access-role item ,and it's used only to access the vpn.
SecurityAdmins can change the password for the users, but we don't want to do it ,we want the user to be able to manage his own password .
( I "forced" a lot of user to user AD login to access the vpn ,but "temporary consultant" can't have one )

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-03-17 06:06 AM
In response to AleLovaz82

K, gotcha. Personally, I dont know of any way to do that unless they have smart console access and read-only wont do it, unless you create custom admin profile where they can edit that setting.

Andy

Best,
Andy
0 Kudos
AleLovaz82
Collaborator
Collaborator
‎2025-03-17 06:10 AM
In response to the_rock

but a user should be able to change only is own password,not other user's password
I suppose that the profile will allow me to change that setting or not,but not to change only for the logged you.
I'll give a look and update the thread

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-03-17 06:13 AM
In response to AleLovaz82

Yes, but keep in mind, you can NOT do that from client itself, there is no option on endpoint vpn to do so.

Andy

Best,
Andy
0 Kudos
AleLovaz82
Collaborator
Collaborator
‎2025-03-17 06:15 AM
In response to the_rock

i know that ,but it's better that works as helpdesk for almost one hundred of user 🙂
All local users need to change their password because password policy changed with our new vpn based on 81.20 ,and the old vpn gateway was 80.40  
anyway for our new security policy we are not allowed to know user password...so I have to find a way 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-03-17 06:19 AM
In response to AleLovaz82

I looked at custom admin profile in smart console, but dont see spefic setting for this. Let me know what you find, maybe TAC can confirm as well.

Andy

Best,
Andy
0 Kudos
AleLovaz82
Collaborator
Collaborator
‎2025-03-17 06:35 AM
In response to the_rock

sorry , i forgot...the admin profile is not on option , i should create a 2nd user for each person to log into the MDS / CMA as admin.

I think i'll do a script to change the password for them generatinc a random one and to send it using an email.

In this way it will be easy for me,and it will respect all the security policy

 

the_rock
MVP Platinum
MVP Platinum
‎2025-03-17 06:38 AM
In response to AleLovaz82

Thats the best option, I agree.

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events