{"id":57,"date":"2008-07-31T14:47:57","date_gmt":"2008-07-31T14:47:57","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2008\/07\/31\/authentication-in-checkpoint\/"},"modified":"2021-07-24T19:35:11","modified_gmt":"2021-07-24T19:35:11","slug":"authentication-in-checkpoint","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html","title":{"rendered":"Check Point &#8211; Authentication"},"content":{"rendered":"<p><span   >When adding an authentication action to a rule there are 3 types, <\/span><\/p>\n<ol>\n<li><span   >User <\/span><\/li>\n<li><span   >Session <\/span><\/li>\n<li><span   >Client <\/span><\/li>\n<\/ol>\n<p><span   ><strong>User<\/strong> authentication works by intercepting connects going through the FW-1 and prompting the user for authentication. To do this the firewall has to modify the traffic, so this authentication type can only be used with FTP, HTTP, Telnet and RLOGIN. <\/span><\/p>\n<ul>\n<li><span   ><strong>Advantages<\/strong> &#8211; Most secure, as authenticating is done on each connection <br \/><\/span><\/li>\n<li><span   ><strong>Disadvantages<\/strong> &#8211; Only available on FTP, HTTP, Telnet and RLOGIN protocols<br \/><\/span><\/li>\n<\/ul>\n<p><span   ><strong>Session<\/strong> authentication uses software installed on the clients machine. When the rule with session authentication is hit, the firewall tries to connect to the agent on the clients machine on port 261, a authentication dialog box is then presented to the user. This works on all protocol. <\/span><\/p>\n<ul>\n<li><span   ><strong>Advantages<\/strong> &#8211; Works on all protocols<br \/><\/span><\/li>\n<li><span   ><strong>Disadvantages<\/strong> &#8211; Software has to be installed on the clients machine (Windows only)<\/span><\/li>\n<\/ul>\n<p><span   ><strong>Client<\/strong> authentication acts on authenticating the machine. The user is required to connect to the FW-1 gateway address on either port 259 (telnet) or 900 (HTTP). Once the user has authenticated the machine IP will be permitted.&nbsp; <br \/><\/span><\/p>\n<ul>\n<li><span   ><strong>Advantages<\/strong> &#8211; Works on all protocols<\/span><\/li>\n<li><span   ><strong>Disadvantages<\/strong> &#8211; Not as secure as the previous 2 as it is associated with an IP rather then a user. We recommend this is only used on single-user machine.<\/span><\/li>\n<\/ul>\n<p><span   ><strong >Rule Base Order<\/strong><\/span><\/p>\n<p><span   >With authentication rules the standard top to bottom doesn&#8217;t apply. The firewall will check to see if there are any rules that match any non authentication rules first.<\/span><\/p>\n<p><span   >So where do I put my rules ??<\/span><\/p>\n<ol>\n<li><span   >Add them above your stealth rule (stealth rule being the rules that allow access to your firewall) so that it allows the user to authenticate with the firewall (Client Authentication).&nbsp;<\/span><\/li>\n<li><span   >Place the authentication rule above the accept rule. Then add a deny rule for the spefic host. As you can see below.<\/span><\/li>\n<\/ol>\n<p><span   ><\/span><\/p>\n<p>Using the above example access to any host would be accepted using the accept rule. Where as access to 64.20.35.155 would use the client auth rule.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When adding an authentication action to a rule there are 3 types, User Session Client User authentication works by intercepting connects going through the FW-1 and prompting the user for authentication. To do this the firewall has to modify the traffic, so this authentication type can only be used with FTP, HTTP, Telnet and RLOGIN. &#8230; <a title=\"Check Point &#8211; Authentication\" class=\"read-more\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html\" aria-label=\"Read more about Check Point &#8211; Authentication\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":56,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Check Point - Authentication - Fir3net<\/title>\n<meta name=\"description\" content=\"When adding an authentication action to a rule there are 3 types, User Session Client User authentication works by intercepting connects going through the\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Check Point - Authentication - Fir3net\" \/>\n<meta property=\"og:description\" content=\"When adding an authentication action to a rule there are 3 types, User Session Client User authentication works by intercepting connects going through the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2008-07-31T14:47:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-24T19:35:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2008\/07\/images_legacy_cpauth.png\" \/>\n\t<meta property=\"og:image:width\" content=\"489\" \/>\n\t<meta property=\"og:image:height\" content=\"100\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"Check Point &#8211; Authentication\",\"datePublished\":\"2008-07-31T14:47:57+00:00\",\"dateModified\":\"2021-07-24T19:35:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html\"},\"wordCount\":332,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2008\/07\/images_legacy_cpauth.png\",\"articleSection\":[\"Check Point Firewalls\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html\",\"url\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html\",\"name\":\"Check Point - Authentication - Fir3net\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2008\/07\/images_legacy_cpauth.png\",\"datePublished\":\"2008-07-31T14:47:57+00:00\",\"dateModified\":\"2021-07-24T19:35:11+00:00\",\"description\":\"When adding an authentication action to a rule there are 3 types, User Session Client User authentication works by intercepting connects going through the\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#primaryimage\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2008\/07\/images_legacy_cpauth.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2008\/07\/images_legacy_cpauth.png\",\"width\":489,\"height\":100},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\/\/www.fir3net.com\/security\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Check Point Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\/check-point\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Check Point &#8211; Authentication\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Check Point - Authentication - Fir3net","description":"When adding an authentication action to a rule there are 3 types, User Session Client User authentication works by intercepting connects going through the","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html","og_locale":"en_US","og_type":"article","og_title":"Check Point - Authentication - Fir3net","og_description":"When adding an authentication action to a rule there are 3 types, User Session Client User authentication works by intercepting connects going through the","og_url":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html","og_site_name":"Fir3net","article_published_time":"2008-07-31T14:47:57+00:00","article_modified_time":"2021-07-24T19:35:11+00:00","og_image":[{"width":489,"height":100,"url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2008\/07\/images_legacy_cpauth.png","type":"image\/jpeg"}],"author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"Check Point &#8211; Authentication","datePublished":"2008-07-31T14:47:57+00:00","dateModified":"2021-07-24T19:35:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html"},"wordCount":332,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"image":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#primaryimage"},"thumbnailUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2008\/07\/images_legacy_cpauth.png","articleSection":["Check Point Firewalls"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html","url":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html","name":"Check Point - Authentication - Fir3net","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#primaryimage"},"image":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#primaryimage"},"thumbnailUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2008\/07\/images_legacy_cpauth.png","datePublished":"2008-07-31T14:47:57+00:00","dateModified":"2021-07-24T19:35:11+00:00","description":"When adding an authentication action to a rule there are 3 types, User Session Client User authentication works by intercepting connects going through the","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#primaryimage","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2008\/07\/images_legacy_cpauth.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2008\/07\/images_legacy_cpauth.png","width":489,"height":100},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Firewalls\/Check-Point\/authentication-in-checkpoint.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.fir3net.com\/security"},{"@type":"ListItem","position":3,"name":"Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls"},{"@type":"ListItem","position":4,"name":"Check Point Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls\/check-point"},{"@type":"ListItem","position":5,"name":"Check Point &#8211; Authentication"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/57"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=57"}],"version-history":[{"count":0,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/57\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media\/56"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=57"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=57"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=57"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}