Creating an Administrator Account with Check Point Password Authentication

Watch the Video

Check Point password is a static password that is configured in SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.. The local database on the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. stores the password. No additional software is required.

After you configure authentication with a Check Point password, you can, in addition, configure certificate file authentication . The administrator can then authenticate to SmartConsole with the Check Point password or the certificate file.

You create the certificate file in SmartConsole. The administrator can use the certificate to log in to SmartConsole in two ways:

  • Log in to SmartConsole with the Certificate File option. The administrator must provide the password to use the certificate file.

  • You can import the certificate file to the Windows Certificate Store on the Microsoft Windows SmartConsole computer. The administrator can use this stored certificate to log in to SmartConsole with the CAPI Certificate option. The administrator does not need to provide a password to log in.

The administrator can also give the certificate to other administrators to log in to SmartConsole with no administrator account of their own.

Prerequiste:

Make sure you configured the required Permission ProfileClosed Predefined group of SmartConsole access permissions assigned to Domains and administrators. With this feature you can configure complex permissions for many administrators with one definition.. See Assigning Permission Profiles to Administrators.

To create a new administrator with Check Point password authentication

    1. From the left navigation panel, click Manage & Settings..

    2. Expand Permissions & Administrators > click Administrators.

    3. From the top toolbar, click the icon (New) > click New Administrator.

      The New Administrator window opens and shows the General page.

    4. In the top field, enter the applicable object name.

    5. Optional: Enter the comment.

    6. In Authentication Method field, select Check Point Password.

    7. Click Set New Password:

      1. In the Password field, enter the password.

      2. In the Confirm field, enter the same password.

      3. Optional: Select User must change password on next login.

      4. Click OK.

    8. Optional: Create a certificate for this administrator:

      1. In the Certificate Information field, click Create.

      2. In the Password field, enter the password.

        A password is required to protect the sensitive data in the certificate file.

      3. In the Confirm field, enter the same password.

      4. Click OK.

      5. Wait for the Save As window to open.

      6. In the File name field, make sure to include the username.

      7. In the Save as type field, select Certificate Files (*p12).

        The certificate file is in the PKCS #12 format, and has a .p12 extension.

      8. Browse to a secure location on the SmartConsole computer.

      9. Click Save.

      Notes:

    9. In the Permission Profile field, select the applicable profile.

    10. In the Expiration section, configure the required valid expiration date.

    11. Optional: On the Additional Info page, configure:

      • Phone Number

      • Contact Details

      • Email

    12. Click OK.

    13. Publish the SmartConsole session.

  		2.

    Note - This procedure applies if you create a certificate authentication in the administrator object, and you log in to SmartConsole with the CAPI Certificate option.

    1. Right-click the *.p12 file you saved when you created the required administrator, and click Install PFX.

      The Certificate Import Wizard opens.

    2. In the Store Location section, select the applicable option:

      • Current User (this is the default)

      • Local Machine

    3. Click Next.

    4. Enter the same certificate password you used when you created the required administrator certificate.

    5. Clear Enable strong private key protection.

    6. Select Mark this key as exportable.

    7. Click Next.

    8. Select Place all certificates in the following store, click Browse > Personal > OK.

    9. Click Next.

    10. Click Finish.