Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
PointOfChecking
Contributor

Mobile VPN Access - Client Certificate: Forgot Password (1st Line Support)

Jump to solution

Hi,

We're looking to pass the "reset password" job to 1st line support to generate new client certificates on R80.40.

How would we go about doing this, without giving them authority to the rest of the FW MGMT?

As I'm aware, we currently do this via the Mobile Access tab in SmartDashboard.

 

Thanks

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin

The administrator profile for the relevant users likely needs the following two permissions:

  • Check Point Users Database
  • Client Certificates

Screen Shot 2021-05-07 at 11.10.44 AM.png

View solution in original post

0 Kudos
G_W_Albrecht
Legend
Legend

No way - you have to install full or portable SmartConsole on every client.

View solution in original post

0 Kudos
8 Replies
PhoneBoy
Admin
Admin

The administrator profile for the relevant users likely needs the following two permissions:

  • Check Point Users Database
  • Client Certificates

Screen Shot 2021-05-07 at 11.10.44 AM.png

View solution in original post

0 Kudos
PointOfChecking
Contributor

PhoneBoy,

 

Thanks as usual!

So I assume, I would need to install SmartConsole for 1st Line Support?

Is there another EXE program which they could use that directly takes them to the Certificate management page?

For example, I know running "%PROGRAMFILES(X86)%\CPAppStart.exe" 3 will start SmartView Monitor.

 

Is there another "Number" I could use to start SmartDashboard > Mobile Access Tab?

 

Again, we're using R80.40

 

Thanks.

 

0 Kudos
G_W_Albrecht
Legend
Legend

Not really - link to FwPolicy.exe to open the legacy Dashboard with MAB Tab.

0 Kudos
PointOfChecking
Contributor

That's great!  😀

Thanks for that.  I've found that exe in the program files folder, but how could I get this onto 1st line supports' machines without installing the full SmartConsole?

 

I've tried copying the EXE, CHM and .exe.config files onto a test machine, but I seem to be still missing something.

 

 

0 Kudos
G_W_Albrecht
Legend
Legend

No way - you have to install full or portable SmartConsole on every client.

View solution in original post

0 Kudos
PointOfChecking
Contributor

Thanks Mr.

 

I'll follow this advice.

 

Thanks.

 

0 Kudos
PhoneBoy
Admin
Admin

The other option would be to use the API and write whatever front end you’d like.
The relevant API bits are discussed here: https://community.checkpoint.com/t5/API-CLI-Discussion/Creating-user-a-certificate-via-API/m-p/99996...

0 Kudos
PointOfChecking
Contributor

Thanks.  Interesting article, but not worth investing that kind of time for our environment. 😊

Appreciate the link though!

 

0 Kudos