Creating a User Account with OS Password Authentication
With OS Password authentication, the password is stored on the operating system of the computer on which the Security Gateway (the dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources) is installed. You can also use passwords that are stored in a Windows domain. No additional software is required.
After you configure authentication with an operating system password, you can, in addition, configure authentication with a certificate file. The user can then authenticate to the Security Gateway with the operating system password or the certificate file.
To create a new user with OS password authentication:

1. In the Object Explorer (F11), click New > More > User/Identity > User.
   The New User window opens.
2. Select a template and click OK.
3. Enter a User Name - A unique, case-sensitive character string.
   If you generate a user certificate with a non-Check Point Certificate Authority, enter the Common Name (CN) component of the Distinguished Name (DN). For example, if the DN is [CN = James, O = My Organization, C = My Country], enter James as the user name. If you use Common Names as user names, they must contain exactly one string with no spaces.
4. Configure the user's General Properties:
   - Expiration Date - The date after which the user is no longer authorized to access network resources and applications. By default, the date defined in the main menu > Global Properties > User Accounts > Expiration Date is shown as the expiration date.
   - Optional settings: Comment, Email Address, Mobile Phone Number.
5. In Groups, use this window to add the user to user groups.
6. Configure the user's Authentication:
   - From the drop-down menu, select OS Password.
     Important - If you do not select an authentication method, the user cannot log in or use network resources.
   - Click Set new password.
7. In Location, select the objects from which this user can receive traffic and to which this user can send traffic. In the Allowed locations section:
   - Sources - Click Add to add the selected objects to this user's permitted sources. The user can receive data and traffic from these objects.
   - Destination - Click Add to add the selected objects to this user's permitted destinations. The user can send data and traffic to these objects.
8. In Time, if the user has specific working days or hours, configure when the user can be authenticated for access:
   - From and To - Enter the start time and end time of the expected workday. The user is not authenticated if a login attempt is made outside this range.
   - Days in week or Daily - Select the days on which the user can authenticate and access resources. The user is not authenticated if a login attempt is made on an unselected day.
9. In Certificates, generate and register SIC (Secure Internal Communication) certificates for user accounts. SIC is the Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, based on certificates issued by the ICA on a Check Point Management Server. The certificate authenticates the user to the Check Point system. Use certificates together with the required authentication method for added access control.
   - Click New.
   - Select key or p12 file:
     - Registration key for certificate enrollment - Select to send a registration key that activates the certificate. When prompted, select the number of days the user has to activate the certificate before the registration key expires.
     - Certificate file (p12) - Select to create a .p12 certificate file protected by a private password for the user. When prompted, enter and confirm the certificate password.
   - Click OK.
10. In Encryption, configure the encryption settings for remote access users. If the user accesses resources from a remote location, traffic between the remote user and internal resources is encrypted.
    - Select an encryption method for the user.
    - Click Edit.
      The encryption Properties window opens. The next steps are for IKE Phase 2. The available options can differ between methods.
    - In the Authentication tab, select the authentication schemes:
      - Password - The user authenticates with a pre-shared secret password. Enter and confirm the password. A pre-shared secret is only as strong as the password chosen; prefer Public Key where the user has a certificate.
      - Public Key - The user authenticates with the public key contained in a certificate file.
    - Click OK.
11. Click OK.
If a user is not in the system for some time (for example, on extended leave), you can revoke the certificate. The user account stays in the system, but the user cannot authenticate with the certificate until you renew it.
To revoke a certificate, select the certificate and click Revoke.
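The following is an added example, not Check Point code, that models how the settings configured in the procedure above constrain a login attempt: the user name taken from the CN of a certificate DN (with the one-string-no-spaces rule), the Expiration Date as the last day the account is valid, the Time restrictions (From/To and allowed days), the rule that an account with no authentication method cannot log in, and certificate revocation, which keeps the account but blocks certificate authentication until renewal. The User class, the function names, the result strings and the sample account James are assumptions made for illustration; the model also assumes that revoking the certificate leaves OS Password login intact and that the From/To window does not wrap past midnight.

```python
"""Constructed model of the user-account checks (added example, not Check Point code).
All names, result strings and the sample account below are assumptions."""
from dataclasses import dataclass
from datetime import date, datetime, time
from typing import Dict, Optional, Tuple

WEEKDAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")  # datetime.weekday() order


def parse_dn(dn: str) -> Dict[str, str]:
    """Parse a DN such as '[CN = James, O = My Organization, C = My Country]'
    into {attribute: value}. Escaped commas inside values are not handled."""
    attrs: Dict[str, str] = {}
    for rdn in dn.strip().strip("[]").split(","):
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        key, value = rdn.split("=", 1)
        attrs[key.strip().upper()] = value.strip()
    return attrs


def username_from_dn(dn: str) -> str:
    """The user name must equal the CN, which must be exactly one string with no spaces."""
    cn = parse_dn(dn).get("CN", "")
    if not cn:
        raise ValueError("DN has no CN component")
    if any(ch.isspace() for ch in cn):
        raise ValueError(f"CN {cn!r} contains whitespace and cannot be a user name")
    return cn


@dataclass
class User:
    name: str                                   # unique, case sensitive
    auth_method: Optional[str]                  # e.g. "OS Password"; None = not selected
    expiration: date                            # last day the account is authorized
    from_hour: time = time(0, 0)                # Time > From
    to_hour: time = time(23, 59, 59)            # Time > To
    days: Tuple[str, ...] = WEEKDAYS            # Time > Days in week (all days = Daily)
    cert_issued: bool = False                   # a certificate was generated (Certificates > New)
    cert_revoked: bool = False                  # Certificates > Revoke was used


def revoke_certificate(user: User) -> None:
    """Keeps the account but blocks certificate authentication until renewal."""
    user.cert_revoked = True


def renew_certificate(user: User) -> None:
    """Models issuing a fresh certificate for the same account."""
    user.cert_issued = True
    user.cert_revoked = False


def evaluate_login(user: User, presented_name: str, method: str, at: datetime) -> Tuple[bool, str]:
    """Decide whether a login attempt is accepted. 'method' is "OS Password" or
    "Certificate". Assumes from_hour <= to_hour (no window that wraps past midnight)."""
    if presented_name != user.name:                      # exact, case-sensitive match
        return False, "unknown user"
    if user.auth_method is None:                         # no method selected: cannot log in
        return False, "no authentication method selected"
    if at.date() > user.expiration:                      # expires after the date, not on it
        return False, "account expired"
    if WEEKDAYS[at.weekday()] not in user.days:
        return False, "login not allowed on this day"
    if not user.from_hour <= at.time() <= user.to_hour:
        return False, "login outside allowed hours"
    if method == "Certificate":
        if not user.cert_issued:
            return False, "no certificate registered for this user"
        if user.cert_revoked:
            return False, "certificate revoked"
        return True, "certificate accepted"
    if method == user.auth_method:
        return True, f"{method} accepted"
    return False, f"{method} is not this user's authentication method"


# Sample account constructed for this example: James, OS Password plus a certificate,
# allowed Mon-Fri 08:00-18:00, authorized through the end of 2026-12-31.
JAMES = User("James", "OS Password", date(2026, 12, 31), time(8, 0), time(18, 0),
             ("Mon", "Tue", "Wed", "Thu", "Fri"), cert_issued=True)


if __name__ == "__main__":
    print(username_from_dn("[CN = James, O = My Organization, C = My Country]"))
    for stamp in (datetime(2026, 3, 2, 9, 0), datetime(2026, 3, 7, 9, 0),
                  datetime(2026, 3, 2, 19, 0), datetime(2027, 1, 1, 9, 0)):
        print(stamp, evaluate_login(JAMES, "James", "OS Password", stamp))
    revoke_certificate(JAMES)
    print("after revoke:", evaluate_login(JAMES, "James", "Certificate", datetime(2026, 3, 2, 9, 0)))
```

The checks run in the order an administrator would expect them to apply: identity first, then whether any method is configured at all, then expiration, then day and hour, and only then the method-specific check. Note that a login on the expiration date itself is still accepted, because the page defines the expiration date as the date after which access is no longer authorized.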