This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Georgi_Lyaskov
Participant
‎2018-04-25 02:17 AM
Jump to solution

SMB - disable default username and password authentication

Hello Checkmates,

I found very useful information here about the SMB appliances and how to start Remote-Access VPN with certificate authentication. I'm curious to know is there a why to disable the default username and password authentication?

0 Kudos
1 Solution

Accepted Solutions
Pedro_Espindola
Advisor
‎2018-05-04 09:55 AM
In response to Georgi_Lyaskov
Jump to solution

You are correct. On SMB appliances it is only possible with 3rd party products. You can use a Radius server which takes care of the 2FA for you.

View solution in original post

0 Kudos
5 Replies
Georgi_Lyaskov
Participant
‎2018-04-25 03:37 AM
Jump to solution

Just to clarify - Now remote users can connect with SecuRemote VPN or Capsule VPN client with either Username and Password authentication or certificates. I want to force the clients to use only certificates and disable the username- password authentication for VPN at all.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-04-25 04:51 AM
In response to Georgi_Lyaskov
Jump to solution

These are the methods to configure remote access users on locally managed SMBs:
• Local users
• RADIUS users
• AD users

Certificates are accepted (if known).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-04-25 03:56 AM
Jump to solution

The answer is easy: CP password has a length between 4 and 8 characters and may contain no spaces . In times of 2FA this is rather a weak solution...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Georgi_Lyaskov
Participant
‎2018-04-25 04:07 AM
In response to G_W_Albrecht
Jump to solution

Yes, 2FA will be the best, but as I see it is not natively supported on SMB appliances and is possible only with 3rd party products, or I'm missing such solution from Checkpoint?

0 Kudos
Pedro_Espindola
Advisor
‎2018-05-04 09:55 AM
In response to Georgi_Lyaskov
Jump to solution

You are correct. On SMB appliances it is only possible with 3rd party products. You can use a Radius server which takes care of the 2FA for you.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top