Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
PointOfChecking
Collaborator
Jump to solution

Mobile VPN Access - Client Certificate: Forgot Password (1st Line Support)

Hi,

We're looking to pass the "reset password" job to 1st line support to generate new client certificates on R80.40.

How would we go about doing this, without giving them authority to the rest of the FW MGMT?

As I'm aware, we currently do this via the Mobile Access tab in SmartDashboard.

 

Thanks

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin

The administrator profile for the relevant users likely needs the following two permissions:

  • Check Point Users Database
  • Client Certificates

Screen Shot 2021-05-07 at 11.10.44 AM.png

View solution in original post

0 Kudos
G_W_Albrecht
Legend Legend
Legend

No way - you have to install full or portable SmartConsole on every client.

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
8 Replies
PhoneBoy
Admin
Admin

The administrator profile for the relevant users likely needs the following two permissions:

  • Check Point Users Database
  • Client Certificates

Screen Shot 2021-05-07 at 11.10.44 AM.png

0 Kudos
PointOfChecking
Collaborator

PhoneBoy,

 

Thanks as usual!

So I assume, I would need to install SmartConsole for 1st Line Support?

Is there another EXE program which they could use that directly takes them to the Certificate management page?

For example, I know running "%PROGRAMFILES(X86)%\CPAppStart.exe" 3 will start SmartView Monitor.

 

Is there another "Number" I could use to start SmartDashboard > Mobile Access Tab?

 

Again, we're using R80.40

 

Thanks.

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Not really - link to FwPolicy.exe to open the legacy Dashboard with MAB Tab.

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PointOfChecking
Collaborator

That's great!  😀

Thanks for that.  I've found that exe in the program files folder, but how could I get this onto 1st line supports' machines without installing the full SmartConsole?

 

I've tried copying the EXE, CHM and .exe.config files onto a test machine, but I seem to be still missing something.

 

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

No way - you have to install full or portable SmartConsole on every client.

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PointOfChecking
Collaborator

Thanks Mr.

 

I'll follow this advice.

 

Thanks.

 

0 Kudos
PhoneBoy
Admin
Admin

The other option would be to use the API and write whatever front end you’d like.
The relevant API bits are discussed here: https://community.checkpoint.com/t5/API-CLI-Discussion/Creating-user-a-certificate-via-API/m-p/99996...

0 Kudos
PointOfChecking
Collaborator

Thanks.  Interesting article, but not worth investing that kind of time for our environment. 😊

Appreciate the link though!

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events