Client Auth

What can I do here?

Use this window to define:

Getting Here

Security Policies > Access Control > Policy > Action column > More > In the actions settings window, select Client Auth > click the pencil icon.

Note - The Client Auth option is available for layers that only have the firewall blade enabled.

Understanding Client Authentication

Client Authentication can be used to authenticate any service. It allows access from a specific IP address for an unlimited number of connections. The user working on a client performs the authentication by successfully meeting an authentication challenge, but it is the client machine that is granted access.

Client authentication can be used with any one of five different sign on methods. These sign on methods provide a choice of Authentication Methods for authenticated and other services. For all sign on methods other than Manual Client Authentication, the Check Point Security Gateway is transparent to the user. This means that the user authenticates directly to the destination host.

There is one other choice to make with Client Authentication: whether to use Standard Sign On or Specific Sign On.

At the end of the session, the user can sign off. When a user signs off, he or she is signed off from all services, and the connection is closed by the remote host.

Client Auth - General Options

Source and Destination

When Required Sign On is set to Standard, the Client Authentication process cannot know which destination the client will connect to, so the user's allowed destinations cannot be checked.

Sign On

Sign On Method

Successful Authentication Tracking