This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nlegastelois
Explorer
‎2020-03-18 06:26 AM

customize http client authentication page

Hello,

 

We are using FW version 80.10 and we have the HTTP client authentication page that has been customized with logo and background, these image have been configured by using links to another web server due to the page size limitation.

We tried to upgrade our gateway to the 80.30 but after that we dicovered that the checkpoint internal web server was using the feature "content security policy" by adding a setting into the header and the browsers block the image when loading the page.

Do you know if know the page size is still limited and if I can host the image from the checkpoint itself and where ?

Is there a way to change the internal web server setting in order to allow external src of image ? and where are the config file ?

Thanks for your help, I am searching for a while about this.

Nico

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2020-03-18 06:44 AM

What precise reason are you still using Client Auth?
We've deprecated this authentication method in R80.x and recommend using Identity Awareness, which does have its own Captive Portal.
0 Kudos
nlegastelois
Explorer
‎2020-03-18 07:01 AM
In response to PhoneBoy

To be honest I don't know as the solution are in place for long time and I am trying to manage it now.

We are accessing to the URL http://fw:900  and we can enter our AD credential then it's linked to a radius with MFA. We are using this authentication for users that are connected to a global VPN and we have some part of our network with rules that need to identify the users.

I found that the deamon is in.ahclientd and the web pages are in $FWDIR/conf/ahclientd.

I don't know if it is really User authentication ?

Is it possible to replace by User awareness and how ?

 

Thanks

0 Kudos
nlegastelois
Explorer
‎2020-03-19 10:11 AM
In response to nlegastelois

Hello,

other question if the identity awareness is the solution, is there a way to personalize the web site directly by changing the php code ?

 

Thanks

0 Kudos
PhoneBoy
Admin
Admin
‎2020-03-19 04:43 PM
In response to nlegastelois

Identity Awareness is the solution, yes.
You might be able to customize the portal by hacking the underlying code, but I don't think we provide any instructions for that.
0 Kudos
nlegastelois
Explorer
‎2021-03-16 06:41 AM
In response to PhoneBoy

Hi,

Sorry to refresh this topic but I am still looking for a way to customize the captive portal because the default possibilities are not sufficients.

Does someone already customized the portal by modifying the code ? Is that something that will follow the Checkpoit upgrades ?

Thank you for your help.

Nicolas

0 Kudos
PhoneBoy
Admin
Admin
‎2021-03-16 08:30 AM
In response to nlegastelois

The underlying code is in: /opt/CPUserCheckPortal/htdocs
I think it's safe to say any modifications to this will NOT survive an upgrade or maybe even a JHF.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events