Currently we have local users for all the checkpoint GAiA and SmartConsole but we are planning to move it to a remote authentication servers. we already have Microsoft Azure AD domain services but looks this is not supported in checkpoint cloudguard R80.10
we also have Kerberos Authentication which I am not sure if that is supported in my version. Can you help me know this?
Many thanks in advance
For SmartConsole, you cannot do AD authentication directly, but you can indirectly with RADIUS.
Not sure how much of this applies to Azure AD, but: https://community.checkpoint.com/message/28853-re-active-directory-smart-console-administrator
It means we only have one option that is RADIUS. NO Keberos, NO SAML, NO AD, NO TACACS, NO TACACS+ for SmartConsole.
And only RADIUS and TACACS+ for gateways. Am i right?
First of all, we do support TACACS authentication. You can find the documentation in the admin guide.
Regarding AD authentication, we have developed a solution that is currently offered in a limited availability due to some limitations that might apply to some of the customers.
In order to get this solution you can approach Check Point solution center. We recommend waiting for R80.30 but in case you need it on top of R80.20 we can also consider it.
Regarding Azure, we will need to evaluate it based on information about the topology and configuration, the best way to handle it would be submitting an RFE.
Yaelle Harel | Group Manager
Check Point Software Technologies | Management Product