{"id":451,"date":"2010-05-25T11:04:12","date_gmt":"2010-05-25T11:04:12","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2010\/05\/25\/a-look-at-secureid-files-on-a-checkpoint-firewall\/"},"modified":"2021-07-24T18:44:01","modified_gmt":"2021-07-24T18:44:01","slug":"a-look-at-secureid-files-on-a-checkpoint-firewall","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html","title":{"rendered":"Check Point &#8211; A look at SecureID Files"},"content":{"rendered":"<p>In order to to enable SecureID authentication you will need to generate an &#8216;sdconf.rec&#8217; file from your ACE SERVER.<br \/>You will then need to copy this file to the the&nbsp; &#8216;\/var\/ace<strong>&#8216;<\/strong> directory of your Check Point Firewall (if the directory does not exsist create one).<\/p>\n<p>At the point that your ACE SERVER and your ACE AGENT (Check Point Firewall) start communicating a &#8216;sdstatus.12&#8217; file will be generated.<br \/>When the communication is deemed successful a &#8216;secureid&#8217; file will be generated. It is worth noting that &#8216;secureid&#8217; is the default name given for the node secret file.&nbsp;<\/p>\n<p>!! If no secureid file is generated you may want to check that the &#8220;Reset Node Secret&#8221; option was enabled at the point of the sdconf.rec file being generated on the ACE SERVER. !!<\/p>\n<p>Once the sdstatus.12 and the secureid file have been generated encrypted communication between the ACE AGENT and SERVER can be established.&nbsp;<\/p>\n<p>Below is a summary of these files :<\/p>\n<table class=\".table tabmain\">\n<tbody>\n<tr>\n<td>sdconf.rec<\/td>\n<td>Generated by the ACE SERVER and copied to the \/var\/ace directory<\/td>\n<\/tr>\n<tr>\n<td>sdopts.rec<\/td>\n<td>Allows you to force the ACE AGENT to use a specific IP address when generating its hash<\/td>\n<\/tr>\n<tr>\n<td>sdstatus.12<\/td>\n<td>Automatically created at point of communication between the ACE AGENT and SERVER<\/td>\n<\/tr>\n<tr>\n<td>securid<\/td>\n<td>Automatically created at point of successful communication between the ACE AGENT and SERVER<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Packet Capture Example :<\/p>\n<pre class=\"prettyprint\">14:44:49.619735 [FIREWALL].1117 &gt; [ACE SERVER].5500: udp 124&nbsp; - FIREWALL queries ACE SERVER<br \/>14:44:50.387343 [ACE SERVER].5500 &gt; [FIREWALL].1117: udp 124&nbsp; \u2013 ACE SERVER responds<br \/>14:44:57.954218 [FIREWALL].1117 &gt; [ACE SERVER].5500: udp 124&nbsp; \u2013 FIREWALL confirms response<br \/>14:45:00.733002 [ACE SERVER].5500 &gt; [FIREWALL].1117: udp 124&nbsp; \u2013 ACE SERVER responds<\/pre>\n<p><strong>Issues <\/strong><\/p>\n<p>You may see authentication issues after the initial authentication along with the error message :<\/p>\n<p><span style=\"color: #ff0000;\"><strong><em>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [LOG_ERR] ACEAGENT: The message entry does not exist for message ID: 100x<\/em><\/strong><\/span><\/p>\n<p>This is down to the embedded hash of the Check Points IP address (that is sent to the ACE SERVER within the authentication request) being different the hash of the Check Point`s IP address that is generated by the ACE SERVER. This can be caused by multihomed or NAT configurations.<\/p>\n<p>To resolve this :<\/p>\n<ol>\n<li>create the sdopts.rec file in the \/var\/ace directory<\/li>\n<li>using VI, edit the sdopts.rec file and insert the line: CLIENT_IP=[IP Address of the ACE AGENT (Check Point Firewall)]<\/li>\n<li>restart FW-1 using cpstop &amp;&amp; cpstart<\/li>\n<\/ol>\n<p><em><strong>Note :<\/strong> it has been reported this will also correct issues using SecurID on Secure Platform.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In order to to enable SecureID authentication you will need to generate an &#8216;sdconf.rec&#8217; file from your ACE SERVER.You will then need to copy this file to the the&nbsp; &#8216;\/var\/ace&#8216; directory of your Check Point Firewall (if the directory does not exsist create one). At the point that your ACE SERVER and your ACE AGENT &#8230; <a title=\"Check Point &#8211; A look at SecureID Files\" class=\"read-more\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html\" aria-label=\"Read more about Check Point &#8211; A look at SecureID Files\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":450,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Check Point - A look at SecureID Files - Fir3net<\/title>\n<meta name=\"description\" content=\"In order to to enable SecureID authentication you will need to generate an &#039;sdconf.rec&#039; file from your ACE SERVER.You will then need to copy this file to\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Check Point - A look at SecureID Files - Fir3net\" \/>\n<meta property=\"og:description\" content=\"In order to to enable SecureID authentication you will need to generate an &#039;sdconf.rec&#039; file from your ACE SERVER.You will then need to copy this file to\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2010-05-25T11:04:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-24T18:44:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2010\/05\/images_legacy_secureid.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"119\" \/>\n\t<meta property=\"og:image:height\" content=\"113\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"Check Point &#8211; A look at SecureID Files\",\"datePublished\":\"2010-05-25T11:04:12+00:00\",\"dateModified\":\"2021-07-24T18:44:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html\"},\"wordCount\":373,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2010\/05\/images_legacy_secureid.jpg\",\"articleSection\":[\"Check Point Firewalls\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html\",\"url\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html\",\"name\":\"Check Point - A look at SecureID Files - Fir3net\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2010\/05\/images_legacy_secureid.jpg\",\"datePublished\":\"2010-05-25T11:04:12+00:00\",\"dateModified\":\"2021-07-24T18:44:01+00:00\",\"description\":\"In order to to enable SecureID authentication you will need to generate an 'sdconf.rec' file from your ACE SERVER.You will then need to copy this file to\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#primaryimage\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2010\/05\/images_legacy_secureid.jpg\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2010\/05\/images_legacy_secureid.jpg\",\"width\":119,\"height\":113},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\/\/www.fir3net.com\/security\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Check Point Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\/check-point\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Check Point &#8211; A look at SecureID Files\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Check Point - A look at SecureID Files - Fir3net","description":"In order to to enable SecureID authentication you will need to generate an 'sdconf.rec' file from your ACE SERVER.You will then need to copy this file to","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html","og_locale":"en_US","og_type":"article","og_title":"Check Point - A look at SecureID Files - Fir3net","og_description":"In order to to enable SecureID authentication you will need to generate an 'sdconf.rec' file from your ACE SERVER.You will then need to copy this file to","og_url":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html","og_site_name":"Fir3net","article_published_time":"2010-05-25T11:04:12+00:00","article_modified_time":"2021-07-24T18:44:01+00:00","og_image":[{"width":119,"height":113,"type":"image\/jpeg","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2010\/05\/images_legacy_secureid.jpg"}],"author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"Check Point &#8211; A look at SecureID Files","datePublished":"2010-05-25T11:04:12+00:00","dateModified":"2021-07-24T18:44:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html"},"wordCount":373,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"image":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#primaryimage"},"thumbnailUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2010\/05\/images_legacy_secureid.jpg","articleSection":["Check Point Firewalls"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html","url":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html","name":"Check Point - A look at SecureID Files - Fir3net","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#primaryimage"},"image":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#primaryimage"},"thumbnailUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2010\/05\/images_legacy_secureid.jpg","datePublished":"2010-05-25T11:04:12+00:00","dateModified":"2021-07-24T18:44:01+00:00","description":"In order to to enable SecureID authentication you will need to generate an 'sdconf.rec' file from your ACE SERVER.You will then need to copy this file to","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#primaryimage","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2010\/05\/images_legacy_secureid.jpg","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2010\/05\/images_legacy_secureid.jpg","width":119,"height":113},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/a-look-at-secureid-files-on-a-checkpoint-firewall.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.fir3net.com\/security"},{"@type":"ListItem","position":3,"name":"Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls"},{"@type":"ListItem","position":4,"name":"Check Point Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls\/check-point"},{"@type":"ListItem","position":5,"name":"Check Point &#8211; A look at SecureID Files"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/451"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=451"}],"version-history":[{"count":0,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/451\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media\/450"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=451"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=451"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}