This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Oussama_Kadim1
Contributor
‎2018-08-27 02:39 AM

Identity Awareness and smart cards

Dear All,

I need to implement Identity Awareness on checkpoint R77.30 for a client. The client would like to use smart cards to authenticate users on the GW.  (Smart cards contain SSL certificate and are already used to authenticate users on the network and to unlock their PCs).

Could you please tell me if there is any documentation of how to implement IDawareness based on smart cards on checkpoint? 

Regards.

identity awareness‌  identity agent‌ authentication‌ #smart card

0 Kudos
4 Replies
G_W_Albrecht
Legend Legend
Legend
‎2018-08-27 04:01 AM

According to sk86441, Identity Awareness gets identities from these identity sources. You must enable them on the Gateway, from the Identity Awareness page of the Gateway object:

  • Active Directory (AD) Query
  • Browser-Based Authentication 
  • Identity Agents (installed on the Endpoint) 
  • Terminal Servers Agents 
  • Radius Accounting 
  • Remote Access 
  • Identity Collector
  • Web API
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
_Val_
Admin
Admin
‎2018-08-27 04:06 AM

Any means of authentication against AD should work for you, if you are using AD Query and/or Identity Collectors. 

Please elaborate of the exact scenario. It is unclear if you mean "on the PC" auth or a direct auth on the GW. If latter, please tell us how you see it.

0 Kudos
Oussama_Kadim1
Contributor
‎2018-08-27 05:11 AM
In response to _Val_

 Hello,

Currently users use the smart card to authenticate themselves on their workstations.
Once authenticated, users access the company network.


Access threading between users and applications is done via checkpoints, and this filtering is based only on source/destination IPs and the tcp/Udp port.


We wish then to put more security and traceability by setting up the blade IDawareness.

The customer does not wish to use AD query, Log collector etc., asked me to do a study on the possibility to use the smart card and to use the certificate it contains in order to identify users and use access control type filtering.

Regards.

0 Kudos
_Val_
Admin
Admin
‎2018-08-27 05:22 AM
In response to Oussama_Kadim1

Identity Awareness uses associations of User Identity (combination of user auth details with some sort of authentication techniques, such as AS, LDAP, etc and machine identity for managed PCs) and IP associated with the identified endpoint. FW uses IP to enforced rules associated with User Roles.

I suggest you to look into sk86441 for the best scenario. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top