Creating a User Account with Check Point Password Authentication
A Check Point password is a static password that is configured in SmartConsole.

After you configure authentication with a Check Point password, you can, in addition, configure authentication with a certificate file. The user can then authenticate to the Security Gateway with the Check Point password or the certificate file.
To create a new user with Check Point password authentication
In the Object Explorer (F11), click New > More > User/Identity > User.
The New User window opens.
Select a template and click OK.
Enter a User Name - A unique, case sensitive character string.
If you generate a user certificate with a non-Check Point Certificate Authority, enter the Common Name (CN) component of the Distinguished Name (DN). For example, if the DN is: [CN = James, O = My Organization, C = My Country], enter James as the user name. If you use Common Names as user names, they must contain exactly one string with no spaces.
Configure the user's General Properties:
Select an Expiration Date - The date after which the user is no longer authorized to access network resources and applications. By default, the date defined in the main menu > Global Properties > User Accounts > Expiration Date shows as the expiration date.
Optional settings: Comment, Email Address, Mobile Phone Number.
In Groups - Use this window to add users to user groups.
Configure the user's Authentication:
From the drop-down menu, select Check Point Password.
Important - If you do not select an authentication method, the user cannot log in or use network resources.
Click Set new password.
In Location, select objects from which this user can access or send data and traffic.
In the Allowed locations section:
Sources - Click Add, to add selected objects to this user's permitted resources. The user can get data and traffic from these objects.
Destination - Click Add, to add selected objects to this user's permitted destinations. The user can send data and traffic to these objects.
In Time - If the user has specific working days or hours, you can configure when the user can be authenticated for access.
From and To - Enter start time and end time of an expected workday. This user will not be authenticated if a login attempt is made at a time outside the given range.
Days in week or Daily - Select the days on which the user can authenticate and access resources. This user will not be authenticated if a login attempt is made on an unselected day.
In Certificates:
You can generate and register SIC certificates for user accounts. This authenticates the user in the Check Point system. Use certificates with required authentication for added access control.
SIC (Secure Internal Communication) is the Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.
Click New.
Select key or p12 file:
Registration key for certificate enrollment - Select to send a registration key that activates the certificate. When prompted, select the number of days the user has to activate the certificate, before the registration key expires.
Certificate file (p12) - Select to create a .p12 certificate file with a private password for the user. When prompted, enter and confirm the certificate password.
Click OK.
In Encryption:
If the user accesses resources from a remote location, traffic between the remote user and internal resources is encrypted. Configure encryption settings for remote access users:
Select an encryption method for the user.
Click Edit.
The encryption Properties window opens.
The next steps are for IKE Phase 2. The options can be different for different methods.
In the Authentication tab, select the authentication schemes:
Password - The user authenticates with a pre-shared secret password. Enter and confirm the password.
Public Key - The user authenticates with a public key contained in a certificate file.
Click OK.
Click OK.
If a user is not in the system for some time (for example, when the user is on an extended leave), you can revoke the certificate. This leaves the user account in the system, but the user cannot access it until you renew the certificate.
To revoke a certificate, select the certificate and click Revoke.
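An added example, not part of the Check Point documentation: a Python pre-check for the User Name step above, which extracts the CN from a DN issued by a non-Check Point CA and rejects values that contain spaces. The function names and sample DNs are constructed for illustration; refusing a DN that has no CN or more than one CN is an assumption, not a rule stated on this page.

```python
import re

def _split_unescaped(text, seps):
    """Split on separators, treating backslash + any character as one unit."""
    return re.findall(r"(?:\\.|[^\\%s])+" % re.escape(seps), text, re.S)

def _unescape(value):
    """Decode RFC 4514 escapes: hex pairs (\\2C) and escaped characters (\\,)."""
    def repl(m):
        if m.group(1):  # one or more hex pairs, decoded together as UTF-8
            return bytes.fromhex(m.group(1).replace("\\", "")).decode("utf-8")
        return m.group(2)
    return re.sub(r"((?:\\[0-9A-Fa-f]{2})+)|\\(.)", repl, value)

def user_name_from_dn(dn):
    """Return the CN to enter as User Name; raise ValueError if unsuitable."""
    dn = dn.strip()
    if dn.startswith("[") and dn.endswith("]"):   # bracketed form used in the text
        dn = dn[1:-1]
    cns = []
    for rdn in _split_unescaped(dn, ",;"):
        for ava in _split_unescaped(rdn, "+"):     # multi-valued RDN
            attr, sep, value = ava.partition("=")
            if sep and attr.strip().upper() == "CN":
                # drop padding around the value, but keep an escaped trailing space
                value = re.sub(r"(?<!\\)\s+$", "", value.lstrip())
                cns.append(_unescape(value))
    if len(cns) != 1:   # assumption: a missing or ambiguous CN is refused
        raise ValueError(f"expected exactly one CN, found {len(cns)}")
    if not cns[0] or re.search(r"\s", cns[0]):     # rule from the text: no spaces
        raise ValueError(f"CN {cns[0]!r} is empty or contains spaces")
    return cns[0]       # case is preserved: user names are case sensitive

if __name__ == "__main__":
    # Constructed sample DNs; the first is the example from the text.
    for dn in ("[CN = James, O = My Organization, C = My Country]",
               "UID=1001+CN=jsmith,O=Example\\, Inc.,C=US",
               "CN=James Smith,O=Example"):
        try:
            print(dn, "->", user_name_from_dn(dn))
        except ValueError as err:
            print(dn, "-> rejected:", err)
```

Running the check over the subject DNs of certificates before the accounts are created catches names that would not match the CN rule at login time.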