{"id":408,"date":"2010-04-06T12:05:04","date_gmt":"2010-04-06T12:05:04","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2010\/04\/06\/securing-client-authentication\/"},"modified":"2021-07-30T14:47:44","modified_gmt":"2021-07-30T14:47:44","slug":"securing-client-authentication","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html","title":{"rendered":"Securing Client Authentication on a Check Point Gateway"},"content":{"rendered":"

By default, Client Authentication allows you to authenticate using HTTP (on port 900) or Telnet (on port 259), both of which pose security risks because usernames and passwords are sent unencrypted.<\/p>\n

To secure Client Authentication, follow these steps:<\/p>\n

Change the following line in $FWDIR\/conf\/fwauthd.conf<\/strong>,<\/p>\n

900\u00a0\u00a0\u00a0\u00a0 fwssd\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 in.ahclientd\u00a0\u00a0\u00a0 wait\u00a0\u00a0\u00a0 900<\/pre>\n

to<\/p>\n

900\u00a0\u00a0\u00a0\u00a0 fwssd\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 in.ahclientd\u00a0\u00a0\u00a0 wait\u00a0\u00a0\u00a0 900\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 ssl:defaultCert<\/pre>\n

And remove the line:<\/p>\n

259\u00a0\u00a0\u00a0\u00a0 fwssd\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 in.aclientd\u00a0\u00a0\u00a0\u00a0 wait\u00a0\u00a0\u00a0 259<\/pre>\n

This allows you to change the HTTP server to an encrypted HTTPS server and disables authentication over Telnet.<\/p>\n","protected":false},"excerpt":{"rendered":"

By default, Client Authentication allows you to authenticate using HTTP (on port 900) or Telnet (on port 259), both of which pose security risks because usernames and passwords are sent unencrypted. To secure Client Authentication, follow these steps: Change the following line in $FWDIR\/conf\/fwauthd.conf, 900\u00a0\u00a0\u00a0\u00a0 fwssd\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 in.ahclientd\u00a0\u00a0\u00a0 wait\u00a0\u00a0\u00a0 900 to … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"yoast_head":"\nSecuring Client Authentication on a Check Point Gateway - Fir3net<\/title>\n<meta name=\"description\" content=\"By default Client Authentication allows you to authenticate using HTTP (on port 900) or Telnet (on port 259). Both of which can pose security risks due to\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing Client Authentication on a Check Point Gateway - Fir3net\" \/>\n<meta property=\"og:description\" content=\"By default Client Authentication allows you to authenticate using HTTP (on port 900) or Telnet (on port 259). 
Both of which can pose security risks due to\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2010-04-06T12:05:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-30T14:47:44+00:00\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"Securing Client Authentication on a Check Point Gateway\",\"datePublished\":\"2010-04-06T12:05:04+00:00\",\"dateModified\":\"2021-07-30T14:47:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html\"},\"wordCount\":80,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"articleSection\":[\"Check Point Firewalls\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html\",\"url\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html\",\"name\":\"Securing Client Authentication on a Check Point Gateway - 
Fir3net\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"datePublished\":\"2010-04-06T12:05:04+00:00\",\"dateModified\":\"2021-07-30T14:47:44+00:00\",\"description\":\"By default Client Authentication allows you to authenticate using HTTP (on port 900) or Telnet (on port 259). Both of which can pose security risks due to\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\/\/www.fir3net.com\/security\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Check Point Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\/check-point\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Securing Client Authentication on a Check Point Gateway\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Securing Client Authentication on a Check Point Gateway - Fir3net","description":"By default Client Authentication allows you to authenticate using HTTP (on port 900) or Telnet (on port 259). 
Both of which can pose security risks due to","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html","og_locale":"en_US","og_type":"article","og_title":"Securing Client Authentication on a Check Point Gateway - Fir3net","og_description":"By default Client Authentication allows you to authenticate using HTTP (on port 900) or Telnet (on port 259). Both of which can pose security risks due to","og_url":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html","og_site_name":"Fir3net","article_published_time":"2010-04-06T12:05:04+00:00","article_modified_time":"2021-07-30T14:47:44+00:00","author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"Securing Client Authentication on a Check Point Gateway","datePublished":"2010-04-06T12:05:04+00:00","dateModified":"2021-07-30T14:47:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html"},"wordCount":80,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"articleSection":["Check Point Firewalls"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html","url":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html","name":"Securing Client Authentication on 
a Check Point Gateway - Fir3net","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"datePublished":"2010-04-06T12:05:04+00:00","dateModified":"2021-07-30T14:47:44+00:00","description":"By default Client Authentication allows you to authenticate using HTTP (on port 900) or Telnet (on port 259). Both of which can pose security risks due to","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.fir3net.com\/security"},{"@type":"ListItem","position":3,"name":"Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls"},{"@type":"ListItem","position":4,"name":"Check Point Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls\/check-point"},{"@type":"ListItem","position":5,"name":"Securing Client Authentication on a Check Point Gateway"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet 
Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/408"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=408"}],"version-history":[{"count":0,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/408\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=408"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=408"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=408"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}