Anyone here ever used Checkpoint Firewall-1 & OSX?

Fahrvergnuugen

I am the law!
My company uses Check Point Firewall-1. PCs outside the building can use this thing called SecuRemote to log into the network. It consists of a keytag with a password that changes every 60 seconds to be matched to the firewall and client SecurID software for authenticating.

This is from the Check Point website: http://www.checkpoint.com/products/protect/firewall-1_authentication.html

RADIUS - Users are challenged for a response, as defined by the RADIUS server.
TACACS/TACACS+ - Users are challenged for a response, as defined by the TACACS/TACACS+ server.
S/Key - Users are challenged to enter the value of the requested S/Key iteration.
OS Password - Users are challenged to enter their operating system password.
Internal Firewall Password - Users are challenged to enter their internal VPN-1/FireWall-1 password.
Axent - Users are challenged for the response, as defined by the AXENT Defender server.
SecurID - Users are challenged to enter the number displayed on a Security Dynamics SecurID token card.
Digital certificates - Users authenticate themselves by presenting their digital certificate issued by a trusted Certificate Authority.

I wondered if anybody knows of a way to connect 10.2 to Firewall-1... maybe using Apple's VPN client [part of Internet Connect]?

Any help would be greatly appreciated.
 
The answer to this is: possibly.

It all depends on how they have configured VPN on the Check Point firewall. If they have enabled any of the cool SecuRemote functionality, you're SOL until they release an OS X version of the software (they have an OS 9 version you can download, yet to play with it tho). If what they are doing is just a pure IPSec setup with shared keys you could get it to work, but most likely they aren't.

Brian
 
Yeah, we're using SecuRemote. I'll have to call Check Point and tell them to get working on an OS X client... phat chance they'll listen :(

I really don't want to have to bring a peecee all the way to school with me :rolleyes:

I might just have them set up open ports allowed from my IP address [though this is probably insecure]. Not sure how else it can be done.
 
The SecuRemote software does work from VirtualPC. So you could always just install that.

Brian
 