Upload File

microsoft ad and checkpoint ng ai secure client

prev
next
out of 14
Download Microsoft AD and Checkpoint NG AI Secure Client

Upload: shark9905

Post on 08-Apr-2018

232 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    1/14

    Using Microsoft Active Directory for Checkpoint NG AI SecureClient

    Dave Crowfootwww.works4me.com

    [email protected]

    This is the solution that I came up with to utilize MS Active directory to authenticate SecureClientusers.

    I do not extend the AD schema or use radius for this solution.

    I do not use SmartDashboard to administer my AD users. I do not like the way it handles usermaintenance and without extending the schema it doesnt work that well anyway. I only use theMS tools for this.

    Environment used to create and test solution:

    Compaq Proliant ML530SecurePlatform NG AIVPN-1 / FW-1 NG AISeparate Management and Enforcement PointSimplified Mode for policies

    If you have any questions about this solution, please feel free to email at the above address

    And as always, this works 4 me.

    http://www.works4me.com/mailto:[email protected]:[email protected]://www.works4me.com/

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    2/14

    First I created a security group in Users called VPN-Users in the ADcn=VPN-Users,cn=Users,dc=xxxx,dc=yyy

    This is an AD group that I put all my allowed VPN users into. Also, this group serves asthe one that maintains the amount of SecureClient licenses you own.

    In SmartDashboard:

    Go to the Policy Menu / Global PropertiesFrom the LDAP Account Management branch , select Use LDAP , click OK

    Create a host for your Active Directory Server: MSADSrv

    Go to the Users IconRight click Templates and select New Template

    (General Tab)Template Name: VPN User

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    3/14

    (Authentication Tab)

    Authentication Scheme: VPN-1 & Firewall-1 Password Click OK

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    4/14

    Go to Manage Menu / Servers. Create a LDAP Account Unit object.

    (General Tab)Give it a name, i.e., MSAD Check both boxes, CRL retrieval and User management Set Profile to Microsoft_AD

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    5/14

    (Servers Tab)Click AddChoose the host that represents your AD Domain controllerLeave Port at 389Login DN: cn=Administrator,cn=Users,dc=xxxx,dc=yyyEnter administrator password twiceCheck both boxes, Read data from this server , Write data to this server

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    6/14

    (Servers Tab / Encryption Tab)Check Use SSL Click Fetch for FingerprintSet Encryption to strong and strong for Min and Max

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    7/14

    (Objects Management)Select your AD object and fetch the branchClick OK

    Note: Active Directory only returns cn=users,dc=x wher ex is the AD domain.When users are defined under separate organizational untis those units should Be manually added as branches. When doing so, they MUST be in the format of

    OU=yyy,OU=yyy,DC=xxxx,DC=zzzz

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    8/14

    (Authentication)Use user template: VPN User IKE pre-shared secret encryption key: AD Administrator password

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    9/14

    Go to the Users Icon Right click on LDAP Groups and select New LDAP Group Enter a name: VPN-Users Select the account unit you created: MSAD

    Groups ScopeFirst, select Only Sub Tree and select, cn=users,DC=xxxx,DC=yyy

    Note: This has to be done f irst because it is the only way I found to make the next step work correctly.

    Second, select Only Group in branch and put cn=VPN-Users

    Note: This LDAP group will be used in the source of the Remote Access rule(s)

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    10/14

    Open your VPN-1 gateway object and click on the Authentication branch and set the PolicyServer Users group to VPN-Users

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    11/14

    You can check the properties of a LDAP user by double clicking a user in the LDAP Account Unit.When using MS AD, the template is defined using VPN-1 & Firewall-1 Password

    If you click OK on these screens, you might get the following because the MS Schema has notbeen extended. This is why I do not use these tools for user maintenance.

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    12/14

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    13/14

    When creating Remote Access rules, you use the LDAP Group VPN-Users

    Security

    Desktop Security

  • 8/6/2019 Microsoft AD and Checkpoint NG AI Secure Client

    14/14

    In closing, the important notes are:

    1. The MS AD group VPN-Users MUST contain all the users that you wish to allow VPNaccess too regardless of what resources that you wish them to access.

    2. The LDAP group VPN-Users is associated with the Policy Server in the Gatewayproperties.

    3. You can add more LDAP groups that are associated with MS AD groups for moregranular control over with resources your users have access to. This is what you see inthe rules figures above.

    4. Using this method of authentication and access control, you never use CheckpointGroups only LDAP Groups.


Checkpoint #2

FLACS CHECKPOINT B - NYSAWLA · The 5 0 speaking tasks that constitute Part 1 of the FLACS Checkpoint B Regional Exams are included in the NYSAWLA 2 019 Secure Speaking Task booklet

CheckPoint 1

Checkpoint NGX Secure Platform Pro and Advanced Routing Suite CLI

Revista Checkpoint

Checkpoint r77

Microsoft Active Directory and Checkpoint NG AI … Active Directory and Checkpoint NG AI... · Using Microsoft Active Directory for Checkpoint NG AI SecureClient Dave Crowfoot [email protected]

Checkpoint Laboral

Secure logging with syslog-ng - FOSDEM9 FOSDEM 2020 Secure logging implementation File Relay Network OS Application syslog-ng Source Source driver Source driver Destination FilterFilter

SB4 Checkpoint

Manual Cliente CheckPoint-Secure Remote 2018 › upload › enlace › 240-240430manualinstala… · Manual Cliente CheckPoint-Secure Remote 10 Gerencia de tecnología de la Información

Circuit de detecció ITS a BCN -CheckPoint · – GeneXpert CT/NG (Participants estudis) – Circuit asimptomàtics • ProctitisàPCR – GeneXpert CT/NG (Participants estudis) –

Checkpoint comparison

ACS Checkpoint Implementation Guideimages.acswebnetworks.com/1010/1487/CPImplementation... · ACS Checkpoint Implementation Guide 2 Checkpoint Overview Checkpoint is check-in/check-out

Secure Content Snifï¬ng for Web Browsers, How to Stop Papers from

Checkpoint – Pension & Benefits Sourcessupport.checkpoint.thomsonreuters.com/assets/checkpoint/...Checkpoint – Pension & Benefits Sources All Pension & Benefits Sources • 83

Political checkpoint

Mastering Checkpoint

COOP Checkpoint

Brochure CheckPoint

NOVOLAY secure PYRANOVA secure - schott.com · p8b rc 5 novolay® secure br7 rc5 rc 5 1.9.9 - 66 140 ng p8b rc 6 novolay

Libyan Checkpoint

Apresentação Checkpoint

Self-Checkpoint: An In-Memory Checkpoint Method Using Less

Comparación CheckPoint

Entering checkpoint levels - Teaching Strategies, LLC....Entering checkpoint levels There are two ways to enter your checkpoint information: Checkpoint By Child and Checkpoint By Class

Checkpoint final

Checkpoint B

CheckPoint 156-915.76 test, 156-915.76 CheckPoint practice exam

Checkpoint VPN-1 FireWall-1 NG Management II Instructors Slides

checkpoint 4

CheckPoint Internals of PostgreSQL. Buffer Cache Basics in PostgreSQL Checkpoint Definition Checkpoint Implementation in PostgreSQL Advantages & Disadvantages

Checkpoint R65 Secure Platform Secure Platform Pro Admin Guide

Checkpoint Fw

checkpoint 8