Local User Database Authentication & LDAP Integration – Check Point CCSE Best Practices

Platform: https://racks.uninets.com
Lab Name: Checkpoint CCSE
Instructor-led Training: https://www.uninets.com/security/checkpoint-certifications/
Task
Identity management and authentication of users
Telnet authentication is performed from an internal client (172.11.3.3) and an external client (172.11.4.3) using the legacy authentication method User Authentication with the Check Point Password authentication scheme. The username is Uninets and the password is admin123.
You can manage users who access different services, such as HTTPS and SSH, with an external database over LDAP. The IP address of the AD server is 172.11.3.3.
Explanation
You can verify the identity of users who log in through Security Gateways using Check Point authentication features. You can also control access by allowing or disallowing users for specific authentication schemes such as LDAP, RADIUS, SecurID and TACACS.
Creating Users and Groups
Authentication rules are defined for user groups, not for individual users. To define authentication rules, you must first create users and then add them to groups. Users can be defined either in the Security Gateway's proprietary internal user database or on an external LDAP or RADIUS server.
Types of user:
External user profile – Externally defined users who are not in the internal user database. External users are authenticated based either on their name or on their domain.
LDAP groups – LDAP groups are required for a variety of operations, such as defining the LDAP users' access rules or LDAP Remote Access Communities.
Templates – Templates simplify user definition and prevent mistakes. You can create new users based on the appropriate template and make minor changes as necessary.
User groups – A user group is a collection of users and sub-groups used for different purposes, such as VPNs or local database management.
Users – These can be either local or remote clients who have access to your network and resources.
Types of legacy authentication:
User authentication – Authentication is performed on a per-user basis for services such as HTTP, HTTPS and Telnet, and protects the user's identity.
Session authentication – Provides an authentication mechanism for any service. Users must provide their credentials for each authentication session, and the Session Authentication agent must be installed on every authenticating client. This method is not suitable for authenticating HTTP services, since they open multiple connections per session.
Client authentication – Allows multiple users and connections from an authorized IP address or host; authorization is performed per device. For example, if finger is authorized for a client machine, all users on that machine are authorized to use finger. Passwords are not required.
Authentication schemes:
Check Point Password – The Security Gateway can store a password in the local database for each user configured on the Security Management Server.
Operating system password – Security Gateways can authenticate using the username and password stored on the operating system, such as Gaia OS.
RADIUS – RADIUS is an external authentication scheme that provides security, scalability and separation of the authentication function from the access server. RADIUS uses UDP to communicate with the Security Gateway.
TACACS – TACACS is also an external authentication scheme that provides verification services and access control for routers and network servers.
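The group-based rule matching and legacy User Authentication described above, as an added Python model that is not Check Point's code: the group name telnet_users, the rule layout and the extra RADIUS user are assumptions, while the client addresses and credentials are the lab values from this page.

```python
"""Toy model of Check Point legacy User Authentication for Telnet (added example,
not Check Point code). Rules match user groups, not users; each user has an
authentication scheme. Group name, rule layout and the RADIUS user are assumed."""
import hashlib
import hmac
import ipaddress
import os

def make_user(password, scheme="Check Point Password"):
    # Store only a salted PBKDF2 hash of the password, never the plaintext.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {"scheme": scheme, "salt": salt, "hash": digest}

# Local user database: the lab credentials from the page plus one
# constructed RADIUS user to exercise the scheme check.
USERS = {"Uninets": make_user("admin123"), "rad_user": make_user("x", "RADIUS")}
GROUPS = {"telnet_users": {"Uninets", "rad_user"}}   # group name assumed

# Rule: legacy User Authentication for Telnet from the two lab clients.
RULES = [{
    "sources": [ipaddress.ip_network(a) for a in ("172.11.3.3/32", "172.11.4.3/32")],
    "service": "telnet",
    "group": "telnet_users",
    "schemes": {"Check Point Password"},   # schemes this rule accepts
}]

def check_password(user, password):
    rec = USERS.get(user)
    if rec is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 200_000)
    return hmac.compare_digest(digest, rec["hash"])   # constant-time compare

def authenticate(src_ip, service, user, password):
    """Decide a login the way the gateway would: returns (accepted, reason)."""
    src = ipaddress.ip_address(src_ip)
    for rule in RULES:
        if rule["service"] != service or not any(src in n for n in rule["sources"]):
            continue
        if user not in USERS or user not in GROUPS[rule["group"]]:
            return False, "unknown user or not in rule's group"
        if USERS[user]["scheme"] not in rule["schemes"]:
            return False, "authentication scheme not allowed by rule"
        if not check_password(user, password):
            return False, "bad credentials"
        return True, "accepted"
    return False, "no matching rule"
```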

Configuration
Log in to SmartView Tracker, then choose the firewall.

Double-click it.

We can see that all legacy methods are selected by default. However, we are only performing Check Point Password authentication, so we will need to choose Check Point