
Securing Client Authentication on a Check Point Gateway

By default, Client Authentication allows you to authenticate using HTTP (on port 900) or Telnet (on port 259). Both can pose security risks because usernames and passwords are sent unencrypted.

To secure Client Authentication, follow these steps:

Change the following line in $FWDIR/conf/fwauthd.conf:

900     fwssd       in.ahclientd    wait    900

to

900     fwssd       in.ahclientd    wait    900        ssl:defaultCert

Then remove the line:

259     fwssd       in.aclientd     wait    259

This changes the HTTP server to an encrypted HTTPS server and disables authentication over Telnet.
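
To confirm both changes are in place, the check below audits a copy of fwauthd.conf. It is an added example, not part of the original article or Check Point tooling; the function name audit_fwauthd and the treatment of "#" lines as comments are assumptions.

```shell
#!/bin/sh
# Added example, not Check Point tooling: audit fwauthd.conf for the two changes above.
# Prints one finding per problem; returns 0 if clean, 1 if findings, 2 if unreadable.
audit_fwauthd() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # assumption: blank and "#" lines carry no entry
        $3 == "in.ahclientd" {
            # HTTP client authentication daemon: look for an ssl:<cert> option
            seen = 1; ssl = 0
            for (i = 6; i <= NF; i++) if ($i ~ /^ssl:./) ssl = 1
            if (!ssl) {
                printf "line %d: in.ahclientd on port %s has no ssl: option (cleartext HTTP)\n", NR, $1
                bad = 1
            }
        }
        $3 == "in.aclientd" {
            # Telnet client authentication daemon: any active entry is a finding
            printf "line %d: in.aclientd on port %s is still enabled (Telnet)\n", NR, $1
            bad = 1
        }
        END {
            if (!seen) print "note: no in.ahclientd entry found"
            exit bad + 0
        }
    ' "$conf"
}

# Constructed sample: the two default entries quoted in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
900     fwssd       in.ahclientd    wait    900
259     fwssd       in.aclientd     wait    259
EOF
audit_fwauthd "$sample" || echo "defaults fail the audit, as expected"
rm -f "$sample"
```

On a gateway, run it as audit_fwauthd "$FWDIR/conf/fwauthd.conf" after making the edits.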

About the Author

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001