{"id":408,"date":"2010-04-06T12:05:04","date_gmt":"2010-04-06T12:05:04","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2010\/04\/06\/securing-client-authentication\/"},"modified":"2021-07-30T14:47:44","modified_gmt":"2021-07-30T14:47:44","slug":"securing-client-authentication","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Checkpoint\/securing-client-authentication.html","title":{"rendered":"Securing Client Authentication on a Check Point Gateway"},"content":{"rendered":"
By default Client Authentication allows you to authenticate using HTTP (on port 900) or Telnet (on port 259). Both of which can pose security risks due to the username and passwords being sent un-encrypted.<\/p>\n
To secure Client Authenitcation follow the following steps :<\/p>\n
Change the following line in $FWDIR\/conf\/fwauthd.conf<\/strong>,<\/p>\n to<\/p>\n And remove the line :<\/p>\n This allows you to change the HTTP server to an encrypted HTTPS server and disables authentication over Telnet.<\/p>\n","protected":false},"excerpt":{"rendered":" By default Client Authentication allows you to authenticate using HTTP (on port 900) or Telnet (on port 259). Both of which can pose security risks due to the username and passwords being sent un-encrypted. To secure Client Authenitcation follow the following steps : Change the following line in $FWDIR\/conf\/fwauthd.conf, 900\u00a0\u00a0\u00a0\u00a0 fwssd\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 in.ahclientd\u00a0\u00a0\u00a0 wait\u00a0\u00a0\u00a0 900 to … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"yoast_head":"\n900\u00a0\u00a0\u00a0\u00a0 fwssd\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 in.ahclientd\u00a0\u00a0\u00a0 wait\u00a0\u00a0\u00a0 900<\/pre>\n
900\u00a0\u00a0\u00a0\u00a0 fwssd\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 in.ahclientd\u00a0\u00a0\u00a0 wait\u00a0\u00a0\u00a0 900\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 ssl:defaultCert<\/pre>\n
259\u00a0\u00a0\u00a0\u00a0 fwssd\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 in.aclientd\u00a0\u00a0\u00a0\u00a0 wait\u00a0\u00a0\u00a0 259<\/pre>\n