This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
tavi0906
Contributor
‎2024-05-28 09:12 AM

alert

is there a way to notify the Admin about local user expiry using smtp?

0 Kudos
6 Replies
Lesley
Leader Leader
Leader
‎2024-05-28 10:43 AM

admin can get warning when they login. this is configured in Smart Console: 

 

Configuring Default Expiration for Administrators

If you want to use the same expiration settings for multiple accounts, you can set the default expiration for administrator accounts. You can also choose to show notifications about the approaching expiration date at the time when an administrator logs into SmartConsole or one of the SmartConsole clients. The remaining number of days, during which the account will be alive, shows in the status bar.

To configure the default expiration settings:

  1. Click Manage & Settings > Permissions & Administrators > Advanced.

  2. Click Advanced.

  3. In the Default Expiration Date section, select a setting:

    • Never expires

    • Expire at - Select the expiration date from the calendar control

    • Expire after - Enter the number of days, months, or years (from the day the account is made) before administrator accounts expire

  4. In the Expiration notifications section, select Show 'about to expire' indication in administrators view and select the number of days in advance to show the message about the approaching expiration date.

  5. Publish the SmartConsole session.

 

I have never seen an option to send an e-mail regarding this. E-mails are more for system alerts and or if a firewall rules is being 'hit'. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
tavi0906
Contributor
‎2024-05-29 09:00 PM
In response to Lesley

This is an existing setup with an Active (A) / Passive (B) configuration. Since we have no access to the Active Firewall (A) due to all local accounts expiring without notifications, we are planning to initiate a failover via SmartConsole. Is this the best approach instead of disconnecting physical connections?

After failover, we will conduct account recovery (referencing sk163461) for the Active Firewall (A). Alternatively, is there a way to modify the expired local user account from Firewall (B) after the failover?

0 Kudos
PhoneBoy
Admin
Admin
‎2024-05-30 06:00 AM
In response to tavi0906

Assuming this is a ClusterXL cluster, members would likely be expired on the passive also since this is all set on the management.
And what precise accounts are we talking about here? Gaia OS user accounts? VPN User accounts? Admin accounts?

0 Kudos
tavi0906
Contributor
‎2024-05-30 06:20 AM
In response to PhoneBoy

Yes, this is clusterXL . we can able to login to standby firewall. we are talking about admin accounts and GAIA OS user accounts.

how can we recover the all accounts on active one ? and can we change the priority of standby in smart console to become active one ?

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2024-05-30 07:09 AM
In response to tavi0906

Are these firewalls plus management servers, or just firewalls?

If they are just firewalls, do you have access to the command line of the management server which manages them?

If so, you may be able to use this to run commands on the firewall:

cprid_util -verbose -server "<firewall address>" rexec -rcmd <some command here>

Replace <firewall address> with the main IP address of the cluster member where you want to run the command. For example, this would add a new administrative user to a firewall (or cluster member) with the main IP 10.20.30.40:

cprid_util -verbose -server "10.20.30.40" rexec -rcmd clish -s -c "add user someNewUser uid 0 homedir /home/someNewUser"

If the returned data includes "(NULL BUF)", that means the management couldn't connect to CPRID on the firewall or member.

0 Kudos
tavi0906
Contributor
‎2024-05-30 09:24 AM
In response to Bob_Zimmerman

Is there any sk which shows the above procedure. if yes, please share.

And also can we follow this https://support.checkpoint.com/results/sk/sk106490  to reset the password ?

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events