- CheckMates
- :
- Products
- :
- Quantum
- :
- Remote Access VPN
- :
- SSLVPN user can change password for first login
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SSLVPN user can change password for first login
Hi Checkmate,
I want to set up local users (SSLVPN users) for the VPN client. I set the same password for all local users (SSL VPN users) to log in to the Check Point endpoint mobile client, and then they have to change the password themselves. Is it possible for VPN client users to change the password at their first login to the client?
I expect to set their password at the first login into the client.
The users are not LDAP Users.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe there is an option for that when you create a user under auth tab? I can check in the lab Monday.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Andy,
Waiting your LAB result. But I couldn't see in R81.20.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The option what Andy mentioned is available when I create an user on GAIA.
\m/_(>_<)_\m/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thats right @AkosBakos
@yeruel Just tested in R81.20 and R82, such option does NOT exist for local vpn users. Is it possible, Im not sure, sorry : - (
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My private opinion: avoid to use local users on the GW. I'm 100% percent sure, you have some kind of RADIUS, or something else for handling users. It would be much more safer...
\m/_(>_<)_\m/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We recommend not to use local accounts that authenticate the Remote Access VPN users with password-only authentication. This section provides mitigation steps to discover and prevent such accounts from logging into the VPN.
Read here for more info: https://support.checkpoint.com/results/sk/sk182336
If you like this post please give a thumbs up(kudo)! 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Totally agree!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @the_rock @Lesley @AkosBakos
I am going to use LDAP. Let me move the local users to Active directory and sync the AD with checkpoint. Therefore LDAP users can login using their LDAP username and password on vpn client. Is that right?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thats the whole idea, correct. Just make sure its configured right and that branches can be fetched after.
Andy
https://support.checkpoint.com/results/sk/sk31841
If you follow above sk, it has to work 100%.
