Product Guide Addendum. SafeWord Check Point User Management Console Version 2.1




Copyright 2005 Secure Computing Corporation. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Secure Computing Corporation.

Trademarks

Secure Computing, SafeWord, Sidewinder, Sidewinder G2, SmartFilter, Type Enforcement, SofToken, Enterprise Strong, Mobile Pass, G2 Firewall, PremierAccess, SecureSupport, SecureOS, Bess and Strikeback are trademarks of Secure Computing Corporation, registered in the U.S. Patent and Trademark Office and in other countries. G2 Enterprise Manager, SmartReporter, On-Box, Application Defenses, RemoteAccess, Sentian, Securing connections between people, applications and networks are trademarks of Secure Computing Corporation. All other trademarks, tradenames, service marks, service names, product names, and images mentioned and/or used herein belong to their respective owners.

Technical Support information

Secure Computing works closely with our Channel Partners to offer worldwide Technical Support services. If you purchased this product through a Secure Computing Channel Partner, please contact your reseller directly for support needs. To contact Secure Computing Technical Support directly, telephone +1.800.700.8328 or +1.651.628.1500. If you prefer, send an e-mail to support@securecomputing.com. To inquire about obtaining a support contract, refer to our Contact Secure Web page for the latest information at www.securecomputing.com.

Customer Advocate information

To suggest enhancements in a product or service, or to request assistance in resolving a problem, please contact a Customer Advocate at +1.877.851.9080. If you prefer, send an e-mail to customer_advocate@securecomputing.com. If you have comments or suggestions you would like to make regarding this document or any other Secure Computing document, please send an e-mail to techpubs@securecomputing.com.
Printing history

Date: July 2005
Part number: 86-0945095-A
Software Release: Product Guide Addendum, SafeWord Check Point User Management Console


Introduction

This addendum to the SafeWord 2.1 Product Guide describes the SafeWord Check Point User Management Console (UMC), which you selected as your preferred database tool during your SafeWord software installation. The UMC is the central management tool for managing users and tokens. This document describes the console, and gives information on using the console to manage users and authenticators.

This document includes the following topics:

- Introduction
- Check Point User Management Console
- Configuring SafeWord strong authentication
- What next?

Check Point User Management Console

SafeWord's Check Point UMC is the user management tool for user data stored in a Check Point database. Aside from a few visual differences between the Check Point UMC and the Active Directory UI, and some additional steps in configuring authentication setup before deploying the system, the functions of the user management interface are the same whether user records are stored in Active Directory or the Check Point user database.

The Check Point UMC Console is divided into two management interfaces. The first interface allows you to list tokens, view and search for user and token associations, and import new token records into the system. It is also where backup and restore database functions are performed. Figure 1 shows the SafeWord Check Point Console in comparison with the Active Directory console.

[Figure 1. Search Utility window (Check Point window and Active Directory window)]

The second interface allows you to associate users with SafeWord tokens, assign PINs, generate emergency passcodes, and test tokens after assigning them to individual users. Figure 2 shows the SafeWord Check Point Console User Properties window where these tasks are performed.

[Figure 2. Check Point and Active Directory user Properties windows (Check Point window and Active Directory window)]

Launching the console

Launching the Check Point UMC is done via the Windows Start menu, Start -> Programs -> Secure Computing -> SafeWord -> SafeWord Check Point Console. In Active Directory environments, the management console is started using the Active Directory Users and Computers tool.

Configuring SafeWord strong authentication

Once SafeWord is installed, registered, activated, and you have customized it with your own administration passwords, you are ready to configure SafeWord strong authentication.

Configuring authentication for Check Point

To use SafeWord's Check Point Console to manage users, you will need to configure SafeWord RADIUS authentication. This will create a RADIUS Server object in the Check Point database. The Configure SafeWord RADIUS Authentication window shown in Figure 3 appears the first time you launch the management interface. You can also access this window by clicking on the Check Point Users node. When the Configure SafeWord RADIUS Authentication window appears, do the following:

[Figure 3. Configure SafeWord RADIUS Authentication window]

1. Enter the IP Address of the machine hosting the SafeWord IAS Agent.
2. Enter the Port number over which the machine hosting the SafeWord IAS Agent will communicate.
3. Click OK, and a success window appears. You will be prompted that the RADIUS Secret must be set.

You manually set the RADIUS secret in the Check Point Management GUI. Open the GUI by doing the following:

4. Open the Check Point SmartDashboard.
5. When the Check Point Smart Update window appears, enter your administrative password.
6. Select the Servers tab on the left pane of the window.
7. Expand the RADIUS Server node.
8. Edit the SafeWordRADIUS_<IP>_<Port>. The RADIUS Server Properties window appears.

[Figure 4. New RADIUS Secret window]

9. Enter your Shared Secret in the Shared Secret field, then click OK.

Configuring authentication for Active Directory

If you are using Active Directory to manage users, you can configure SafeWord for Check Point to work with existing Active Directory users without adding Check Point's Active Directory schema extensions. This is made possible by defining an object and associating it with the LDAP account unit defined on the Active Directory Server. For example, if you want to enable all users with IKE+Hybrid, based on the Active Directory passwords, create a new template with the IKE properties enabled and VPN-1/FireWall-1 as the authentication method. In addition to defining a template, you will be manually creating a RADIUS server, and creating an LDAP Account Unit for your Active Directory environment.

Enabling LDAP user management

Before you can configure authentication for Active Directory, you must enable LDAP user management. To enable LDAP user management, do the following:

1. Open the Check Point Management GUI.
2. Select Policy -> Global Properties. A window appears with the first file in the tree highlighted.
3. Select LDAP Account Management from the list in the tree.
4. Click Use LDAP Account Management.

[Figure 5. RADIUS Server Properties window]

Manually adding a RADIUS server

As part of the process for configuring SafeWord authentication, you will need to manually add a RADIUS server. To manually add a RADIUS server, do the following:

1. Open the RADIUS Server Properties window.
2. Choose a name for your RADIUS server and enter it in the Name field.
3. Choose or create an appropriate host object and enter that in the Host field.
4. From the Service field drop down list, choose UDP Service Object for the RADIUS port.
   Note: By default, IAS listens on ports 1645 and 1812. Ensure that the UDP Service object you choose matches one of the ports.
5. Enter your Shared Secret.
6. Click OK to complete the setup.
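The two values entered in the RADIUS Server Properties window, the port and the Shared Secret, must both agree with the IAS side. The following added example (not part of the original guide, and not SafeWord or Check Point code) uses the standard RADIUS Response Authenticator calculation from RFC 2865 to show how a reply signed with one secret fails verification under a different one. All function names, the sample secrets and the sample packet are constructed for illustration, and the port check assumes IAS is still listening on its default ports.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
IAS_DEFAULT_PORTS = (1645, 1812)  # IAS defaults as stated in the guide


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, attrs, request_auth, secret):
    """Server side: a reply packet signed with the server's shared secret."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def verify_response(packet, request_auth, secret):
    """Client side: recompute the authenticator with the locally set secret."""
    if len(packet) < 20:
        return False  # shorter than the fixed RADIUS header
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False  # length field does not fit the received data
    attrs = packet[20:length]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])


def check_server_object(port, packet, request_auth, secret):
    """Return a list of problems for a RADIUS server object (hypothetical helper)."""
    problems = []
    if port not in IAS_DEFAULT_PORTS:
        problems.append(f"port {port} is not an IAS default {IAS_DEFAULT_PORTS}")
    if not verify_response(packet, request_auth, secret):
        problems.append("response authenticator mismatch "
                        "(shared secret differs or packet altered)")
    return problems


# Constructed sample data, not taken from the guide.
REQUEST_AUTH = bytes(range(16))                        # 16-byte Request Authenticator
REPLY_MESSAGE = struct.pack("!BB", 18, 4) + b"ok"      # attribute 18, Reply-Message
SERVER_SECRET = b"constructed-secret-A"
SAMPLE_REPLY = build_response(ACCESS_ACCEPT, 7, REPLY_MESSAGE,
                              REQUEST_AUTH, SERVER_SECRET)

if __name__ == "__main__":
    # Matching port and secret: no problems reported.
    print(check_server_object(1812, SAMPLE_REPLY, REQUEST_AUTH, SERVER_SECRET))
    # Wrong port and a different secret on the client side: two problems.
    print(check_server_object(1813, SAMPLE_REPLY, REQUEST_AUTH,
                              b"constructed-secret-B"))
```

A RADIUS client silently discards replies whose authenticator does not verify, so a mistyped Shared Secret typically shows up as authentication timeouts rather than as an explicit error.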

Creating an LDAP Account Unit

The next part of the process for configuring SafeWord authentication for Active Directory users is to create an LDAP Account Unit. To create an LDAP Account Unit, do the following:

1. In the Check Point Management GUI, open the LDAP Account Unit Properties window.

[Figure 6. LDAP Account Unit Properties window]

2. Create an LDAP Account Unit for your Active Directory by doing the following:
   a. Select the User management option under Account Unit Usage.
   b. Select Microsoft_AD from the Profile drop down list.
   c. Click OK to complete the setup.

There are two options for how authentication from RADIUS will occur. You can choose to either specify authentication attributes for all users from Active Directory by using a template, or you can specify the attributes for individual users by extending Check Point's Active Directory schema. Choose the method that is most appropriate for your users and reference the following sections to set up your choice.

[Figure 7. LDAP Account Management window]

Using a template to specify authentication attributes globally for all users

To use a template to specify authentication, do the following:

1. Browse to the Templates node on your Check Point User Interface.
2. Create a new template using the Check Point interface.
3. On the Template window's Authentication tab, ensure that the Authentication Scheme is defined as RADIUS.
4. Ensure that the RADIUS server that you defined earlier in this process is selected from the list labeled Select a RADIUS Server or Group of Servers.
5. Reopen the LDAP Account Unit you created earlier, and go to the Authentication tab of the Properties window.

[Figure 8. The Authentication tab of the LDAP Account Unit Properties window]

6. Confirm the following settings:
   a. RADIUS is selected as the Allowed Authentication Scheme.
   b. Use User Template is selected as the User's default value.

Extending the Active Directory schema to specify authentication attributes individually for users

To extend Check Point's Active Directory schema to specify authentication attributes individually for users, you should consult your Check Point documentation. Such discussions are beyond the scope of this guide.

Additional Check Point security

If you are using Check Point User Management Support, and are using the User Center to enroll users and tokens, you must also assign the SafeWord authentication method to users in Check Point databases. The User Center will not extend the authentication to those users. To do so, right-click on the user, then choose Configure Authentication.

What next?

The following is a list of tasks that need to be done before you can start using your software. Each of these tasks is described in detail in your SafeWord 2.1 Product Guide.

Note: Specific chapter references within the Product Guide are called out.

1. Register and activate your software (Chapter 2).
   a. Locate the software serial number and token group ID.
   b. Register the software.
   c. Verify the activation.
   d. (If applicable) activate additional tokens.
   e. Change your administrative password.
   f. Secure user passwords with PINs.
2. Prepare and distribute tokens to users (Chapter 3).
   a. Assign tokens with the SMC, or let users enroll their own tokens with the User Center.
   b. Test the tokens.

Part Number: 86-0945095-A
Software Version: SafeWord Check Point User Management Console

Product names used within are trademarks of their respective owners. © 2005 Secure Computing Corporation. All rights reserved.