External Authentication with Checkpoint R77.20 Authenticating Users Using SecurAccess Server by SecurEnvoy

Similar documents
External Authentication with Ultra Protect v7.2 SSL VPN Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Citrix GoToMyPc Corporate Edition Authenticating Users Using SecurAccess Server by SecurEnvoy

External authentication with Citrix Xen App (Web Interface) version 5 Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Windows 2008R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy

SecurEnvoy Microsoft Server Agent

SecurEnvoy Windows Login Agent

Checkpoint R80.10 Integration Guide (ASA)

SecurEnvoy Microsoft Server Agent Installation and Admin Guide v9.3

External Authentication with Windows 2016 Server with Remote Desktop Web Gateway with Single Sign On

SecurEnvoy Windows Logon Agent Installation and Admin Guide v9.3 Including support for SecurPassword

Microsoft O365 Integration Guide

4TRESS AAA. Out-of-Band Authentication (SMS) and Juniper Secure Access Integration Handbook. Document Version 2.3 Released May hidglobal.

4TRESS FT2011 Out-of-Band Authentication and Juniper Secure Access

Barracuda Networks SSL VPN

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

Authlogics Forefront TMG and UAG Agent Integration Guide

Implementation Guide VMWare View 5.1. DualShield. for. VMWare View 5.1. Implementation Guide

Barracuda SSL VPN Integration

Two factor authentication for Fortinet SSL VPN

SecurEnvoy Security Server 9.3 Installation Guide

Two factor authentication for Cisco ASA IPSec VPN Alternative

Establishing two-factor authentication with Juniper SSL VPN and HOTPin authentication server from Celestix Networks

Two factor authentication for SonicWALL SRA Secure Remote Access

Two factor authentication for Check Point appliances

Integration Guide. LoginTC

Two factor authentication for Remote Desktop Gateway (RD Gateway) with RADIUS

Two factor authentication for Citrix NetScaler

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

How to Integrate RSA SecurID with the Barracuda Web Application Firewall

Two factor authentication for OpenVPN Access Server

Two factor authentication for Cisco ASA SSL VPN

Implementation Guide for protecting Juniper SSL VPN with BlackShield ID

Barracuda Networks NG Firewall 7.0.0

Two factor authentication for WatchGuard XTM and Firebox IPSec

SecurEnvoy Security Server Administration Guide

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

Establishing two-factor authentication with Barracuda SSL VPN and HOTPin authentication server from Celestix Networks

Two factor authentication for F5 BIG-IP APM

SecurEnvoy Security Server Installation Guide

NetMotion Integration with GreenRADIUS - Quick Start Guide

Integration Guide. SafeNet Authentication Service (SAS)

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. PingIdentity PingFederate 8

Astaro Security Gateway UTM

Deliver and manage customer VIP POCs. The lab will be directed and provide you with step-by-step walkthroughs of key features.

RSA Ready Implementation Guide for. Checkpoint Mobile VPN for ios v1.458

Azure MFA Integration with NetScaler

<Partner Name> RSA SECURID ACCESS Standard Agent Implementation Guide. WALLIX WAB Suite 5.0. <Partner Product>

How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT

ActivIdentity ActivID Card Management System and Juniper Secure Access. Integration Handbook

Two factor authentication for WatchGuard XTM and Firebox Alternative

Stonesoft Integration

Windows Smart Card Logon Use Case

REST Admin API. Note: Version 9.X or higher is required for the support of REST API. Version /17

Pulse Secure Policy Secure

DIGIPASS Authentication for Check Point VPN-1

Checkpoint VPN-1 NG/FP3

NetScaler Radius Authentication. Integration Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide

Configuring an IMAP4 or POP3 Journal Account for Microsoft Exchange Server 2003

ESET SECURE AUTHENTICATION. Juniper SSL VPN Integration Guide

Two factor authentication for SSH using PAM RADIUS module

Manual for configuring VPN in Windows 7

Two-factor Authentication: A Tokenless Approach

ASC Chairman. Best Practice In Data Security In The Cloud. Speaker Name Dr. Eng. Bahaa Hasan

DIGIPASS Authentication for O2 Succendo

HOB HOB RD VPN. RSA SecurID Ready Implementation Guide. Partner Information. Product Information Partner Name. Last Modified: March 3, 2014 HOB

SurePassID Local Agent Guide SurePassID Authentication Server 2016

DualShield. for. Microsoft UAG. Implementation Guide. (Version 5.2) Copyright 2011 Deepnet Security Limited

Integrate Check Point Firewall. EventTracker v8.x and above

Configuring the SMA 500v Virtual Appliance

AWS Remote Access VPC Bundle

ISA 2006 and OWA 2003 Implementation Guide

Certificate Manager Configuration Guide

Integration Guide. SafeNet Authentication Service. Strong Authentication for Juniper Networks SSL VPN

Embracing the Phone as a Token What You Need To Know Andy Kemshall Co-Founder

Integration Guide. SafeNet Authentication Manager. SAM using RADIUS Protocol with SonicWALL E-Class Secure Remote Access

Establishing two-factor authentication with Cisco and HOTPin authentication server from Celestix Networks

Two factor authentication for Apache using mod_auth_xradius

Integration Guide. SafeNet Authentication Manager. Using RADIUS Protocol for Cisco ASA

Integration Guide. SecureAuth

Remotely auditing Check Point devices with Nipper Studio

VMware View (Horizon)

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Check Point SmartEndpoint Security

ITCorporation HOW DO I INSTALL A FRESH INSTANCE OF ANALYZER? DESCRIPTION RESOLUTION. Knowledge Database KNOWLEDGE DATABASE

DIGIPASS Authentication for Check Point VPN-1

Remote Support Security Provider Integration: RADIUS Server

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Cisco Adaptive Security Appliance 9.5(2)

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. CyberArk Enterprise Password Vault

Table of Contents 1 Cisco AnyConnect...1

Integration Guide. SafeNet Authentication Manager. SAM using RADIUS Protocol with Check Point Security Gateway

<Partner Name> <Partner Product> RSA SECURID ACCESS. Pulse Secure Connect Secure 8.3. Standard Agent Client Implementation Guide

Microsoft Outlook Web Access 2016 Installation Guide

Two factor authentication for Apache using mod_auth_radius

User Management in Resource Manager

User Agent Preparing the Windows Environment and Installing the User Agent. How-To

ActivIdentity 4TRESS AAA Web Tokens and F5 BIG-IP Access Policy Manager. Integration Handbook

LinQ2FA. Helping You. Network. Direct Communication. Stay Fraud Free!

How to Configure Connection Fallback using Multiple VPN Gateways

Connectra Virtual Appliance Evaluation Guide

OneLogin Integration User Guide

Transcription:

External Authentication with Checkpoint R77.20 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House Brunel Road Theale Reading RG7 4AB Phil Underwood Punderwood@securenvoy.com

Checkpoint R77.20 Integration Guide This document describes how to integrate a Checkpoint R75.40 with SecurEnvoy two-factor Authentication solution called SecurAccess. Checkpoint R75.40 provides - Secure Application Access to the internal corporate network. SecurAccess provides two-factor, strong authentication for remote Access solutions (such as Checkpoint R75.40) without the complication of deploying hardware tokens or smartcards. Two-Factor authentication is provided by the use of your PIN and your Phone to receive the one time passcode. SecurAccess is designed as an easy to deploy and use technology. It integrates directly into any LDAP directory server such as Microsoft s Active Directory and negates the need for additional User Security databases. SecurAccess authentication server is directly integrated with LDAP or Active Directory in real time. SecurEnvoy Security Server can be configured in such a way that it can use the existing Microsoft password. Utilising the Windows password as the PIN, allows the User to enter their UserID, Windows password and One Time Passcode received upon their mobile phone. This authentication request is passed to the SecurEnvoy Security Server via the RADIUS protocol, where it carries out a Two-Factor authentication. It provides a seamless login into the corporate network environment by the remote User entering three pieces of information. SecurEnvoy utilises a web GUI for configuration, whereas the Checkpoint R77.20 Server environment uses a GUI application. All notes within this integration guide refer to this type of approach. The equipment used for the integration process is listed below: Checkpoint Checkpoint R77.30 Microsoft (for installation of SecurEnvoy Security Server) Windows 2008 server IIS installed with SSL certificate (required for management and remote administration) Access to Active Directory with an Administrator Account SecurEnvoy SecurAccess software release v7.3.501 Tel: 0845 2600010 Fax: 0845 260014 www.securenvoy.com 05 SecurEnvoy Ltd. Al2l Confidential Page 2

Index External Authentication with Checkpoint R77.20... 1 Authenticating Users Using SecurAccess Server by SecurEnvoy... 1 1.0 Pre Requisites... 3 1.1 Configuration of Checkpoint R77.20... 4 2.0 Configuration of SecurEnvoy... 7 3.0 Test Logon... 9 1.0 Pre Requisites It is assumed that the Checkpoint R77.20 Checkpoint R77.20 has been installed and basic configuration carried out. A user can connect by authenticating with their Microsoft AD Domain username and password. (This could be configured for any username and password authentication server) Securenvoy Security Server has been installed with the Radius service and has a suitable account that has read and write privileges to the Active Directory, if firewalls are between the SecurEnvoy Security server, Active Directory servers, and the Checkpoint R77.20, additional open ports will be required. NOTE: Add radius profiles for each Checkpoint R77.20 that requires Two-Factor Authentication. Token Type Supported Real Time SMS or Email Preload SMS or Email Soft Token Code Soft Token Next Code Voice Call One Swipe Tel: 0845 2600010 Fax: 0845 260014 www.securenvoy.com 05 SecurEnvoy Ltd. Al3l Confidential Page 3

1.1 Configuration of Checkpoint R77.20 Launch the Checkpoint R77.20 admin interface through the Smart dashboard GUI. Verify that the Check Point firewall is currently VPN Enabled Go to Network Objects Checkpoint and selecting the Checkpoint firewall you wish to configure. Properties The next step is to add the SecurEnvoy RADIUS Server as a host object, define it as a valid machine on the network. Go to Network Objects Right-Click Node _ New node to add. Populate the required information. Click OK to Save. Under the Servers and OPSEC Applications tab Select Radius _ New RADIUS and then add in the new RADIUS server details. Select the SecurEnvoy-Radius host you created earlier, set the Service type to use udp NEW-RADIUS, and specify the common Shared Secret key to be used. (The Share Secret key is configured on both the Check Point firewall and SecurEnvoy RADIUS Server). Make sure the Protocol type is set to PAP. Tel: 0845 2600010 Fax: 0845 260014 www.securenvoy.com 05 SecurEnvoy Ltd. Al4l Confidential Page 4

The SecurEnvoy RADIUS Server is configured by default to communicate on Port 1812, using Protocol UDP. Under the Service tab, select UDP as the Protocol type, and browse to New-RADIUS. Make sure that it is set to Port 1812. For Version select RADIUS Ver 2.0 On the properties of New-RADIUS, Click Ok to save. Select the Advanced tab and make sure that the Source port is set to 1812. Also make sure that the Accept Replies checkbox has been enabled. See diagram. Click OK to Save. NOTE There are many ways of setting up VPN users in Checkpoint. Configuration can be set to authenticate users by various methods, Users can be setup and authenticated directly upon Checkpoint, they can be setup as LDAP users and authenticate against Microsoft Active Directory, or can be authenticated against RADIUS. In this example, we are going to configure Checkpoint to authenticate all external users to the SecurEnvoy RADIUS Server. An External User Profile will be created that mandates RADIUS Authentication for all users that do not have a Check Point user account. The Match all users profile with the profile name generic* is limited to only one property set. Checkpoint applies the restrictions specified for an ordinary user in the User Properties tabs (for example Groups). For authentication purposes Check Point uses the name typed in by the user instead of generic*. The following steps describe the process to configure an External Profile of Match All Users. Tel: 0845 2600010 Fax: 0845 260014 www.securenvoy.com 05 SecurEnvoy Ltd. Al5l Confidential Page 5

Go to Manage > Users and Administrators > New > External User Profile > Match All Users The user generic* is created and a new window opens. Select Authentication from the left tool bar. Select RADIUS from the drop down box, as the user s Authentication Scheme. Click OK to save changes. Go to Mobile Access > Authentication > Allowed Authentication schemes on Gateways Select an existing scheme to modify or create a new one. In this example an existing scheme was utilised. Select RADIUS and then set to use SecurEnvoy (Network Object). Click OK to save changes. Tel: 0845 2600010 Fax: 0845 260014 www.securenvoy.com 05 SecurEnvoy Ltd. Al6l Confidential Page 6

Once complete then select Install Policy from the Top toolbar. 2.0 Configuration of SecurEnvoy To help facilitate an easy to use environment, SecurEnvoy can be set up to use the existing Windows password as the PIN component. SecurEnvoy supplies the second factor of authentication, which is the dynamic one time passcode (OTP) which is sent or generated upon the user s mobile phone. Launch the SecurEnvoy admin interface, by executing the Local Security Server Administration link on the SecurEnvoy Security Server. Click the Radius tab Enter IP address and Shared secret for each Juniper SA appliance that wishes to use SecurEnvoy Two-Factor authentication. Click checkbox Passcode prompt is on a separate dialog. Click Update to confirm settings. Tel: 0845 2600010 Fax: 0845 260014 www.securenvoy.com 05 SecurEnvoy Ltd. Al7l Confidential Page 7

Navigate to SecurEnvoy GUI Config setting Token Types Prompt: Set the prompt for the challenge response message to the user. By default this is: Enter your 6 digit Passcode Click Logout when finished. This will log out of the Administrative session. Tel: 0845 2600010 Fax: 0845 260014 www.securenvoy.com 05 SecurEnvoy Ltd. Al8l Confidential Page 8

3.0 Test Logon Browse to the web URL address of the Checkpoint R77.30 SSL Two input dialogue boxes will be displayed. User will enter: UserID in the Username box Microsoft AD Domain password in password box Enter SMS /Email Passcode in the SecurEnvoy Passcode box (received via SMS /Email upon your mobile phone) Or enter the passcode displayed upon the SecurEnvoy Soft Token application. Tel: 0845 2600010 Fax: 0845 260014 www.securenvoy.com 05 SecurEnvoy Ltd. Al9l Confidential Page 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback