This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
yeruel
Participant
a week ago

SSLVPN user can change password for first login

Hi Checkmate,

I want to set up local users (SSLVPN users) for the VPN client. I set the same password for all local users (SSL VPN users) to log in to the Check Point endpoint mobile client, and then they have to change the password themselves. Is it possible for VPN client users to change the password at their first login to the client?

I expect to set their password at the first login into the client.

The users are not LDAP Users.

0 Kudos
9 Replies
the_rock
Legend
Legend
Saturday

I believe there is an option for that when you create a user under auth tab? I can check in the lab Monday.

Andy

0 Kudos
yeruel
Participant
Sunday
In response to the_rock

Hi Andy,

Waiting your LAB result. But I couldn't see in R81.20.

 
 

Checkmate.png

Preview file
27 KB
0 Kudos
AkosBakos
Leader Leader
Leader
Monday
In response to yeruel

The option what Andy mentioned is available when I create an user on GAIA.

----------------
\m/_(>_<)_\m/
the_rock
Legend
Legend
Monday
In response to AkosBakos

Thats right @AkosBakos 

@yeruel Just tested in R81.20 and R82, such option does NOT exist for local vpn users. Is it possible, Im not sure, sorry : - (

Andy

0 Kudos
AkosBakos
Leader Leader
Leader
Monday
In response to the_rock

My private opinion: avoid to use local users on the GW.  I'm 100% percent sure, you have some kind of RADIUS, or something else for handling users. It would be much more safer...

----------------
\m/_(>_<)_\m/
0 Kudos
Lesley
Mentor Mentor
Mentor
Monday

We recommend not to use local accounts that authenticate the Remote Access VPN users with password-only authentication. This section provides mitigation steps to discover and prevent such accounts from logging into the VPN.

Read here for more info: https://support.checkpoint.com/results/sk/sk182336

-------
If you like this post please give a thumbs up(kudo)! 🙂
the_rock
Legend
Legend
Monday
In response to Lesley

Totally agree!

0 Kudos
yeruel
Participant
Tuesday
In response to the_rock

Hi @the_rock @Lesley @AkosBakos 

I am going to use LDAP. Let me move the local users to Active directory and sync the AD with checkpoint. Therefore LDAP users can login using their LDAP username and password on vpn client. Is that right?

the_rock
Legend
Legend
Tuesday
In response to yeruel

Thats the whole idea, correct. Just make sure its configured right and that branches can be fetched after.

Andy

https://support.checkpoint.com/results/sk/sk31841

If you follow above sk, it has to work 100%.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events