Check Point Firewall SAML

Introduction

This document explains how to configure and manage the integration of Check Point Remote Access VPN with the PureAUTH Identity Platform, which makes Check Point Remote Access VPN authentication passwordless.

Prerequisites

  1. Check Point Security Gateway:
  2. Check Point Security Management or Multi-Domain Server:
  3. SmartConsole:

Installation 

  1. Install the Hotfix packages on the Management Server.
  2. Install the Hotfix packages on the Security Gateways / each cluster member.

Note: If you are installing this release on Cluster Members or VPN Remote Access MEP members, you must make sure all members of a Cluster / MEP are the same. If you install this release on one Cluster / MEP member, you must do the same on all the members.

Follow the applicable installation procedure in sk168597.

Configurations 

Step 1: Configure the Remote Access VPN

Note: Even if your Security Gateway is already configured to support Remote Access VPN, it is important to open the Security Gateway object and click OK to enable the SAML portal on the Security Gateway.

  1. Open the object of the applicable Security Gateway.
  2. On the General Properties page, enable the IPSec VPN Software Blade.
  3. From the left tree, click the IPSec VPN page.
  4. In the section "This Security Gateway participates in the following VPN communities", click Add and select Remote Access Community.
  5. From the left tree, click VPN clients > Remote Access.
  6. Enable Support Visitor Mode.
  7. (Optional) From the left tree, click VPN clients > Office Mode.
  8. (Optional) Select Allow Office Mode and select the applicable Office Mode Method.
  9. From the left tree, click VPN Clients > SAML Portal Settings.
  10. Make sure the Main URL contains the fully qualified domain name of the gateway.
    • Note: This domain name should end with a DNS suffix registered by your organization. For example: gateway1.company.com
  11. Make sure the Certificate is trusted by the end users' browsers.
  12. Click OK.
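
A pre-flight check for items 10 and 11 above, as an added example that is not part of the PureAUTH or Check Point documentation: it validates the form of the Main URL and then attempts a verified TLS handshake against it. The function names, the suffix list and the sample URLs are assumptions made for illustration, and the trust store used is that of the machine running the script, which only approximates the end users' browsers.

```python
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit

def check_main_url(main_url, org_suffixes):
    """Return the problems found in a SAML portal Main URL (empty list = OK)."""
    problems = []
    parts = urlsplit(main_url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not host:
        return problems + ["no host in URL"]
    try:
        ipaddress.ip_address(host)
        return problems + ["host is an IP address, not a domain name"]
    except ValueError:
        pass  # not an IP literal, continue with the name checks
    if "." not in host:
        problems.append("host is a short name, not fully qualified")
    # Compare on a label boundary so "notcompany.com" does not pass for "company.com".
    if not any(host.endswith("." + s.lower().strip(".")) for s in org_suffixes):
        problems.append("host does not end with an organization DNS suffix")
    return problems

def check_portal_certificate(main_url, timeout=5.0):
    """Handshake with the local default trust store; None means chain and name verified.
    Assumption: this machine's trust store approximates the end users' browsers."""
    parts = urlsplit(main_url)
    ctx = ssl.create_default_context()  # verifies the chain and the host name
    try:
        with socket.create_connection((parts.hostname, parts.port or 443), timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=parts.hostname):
                return None
    except OSError as exc:  # ssl.SSLError and connection failures are OSError subclasses
        return str(exc)

if __name__ == "__main__":
    # Constructed sample values; "company.com" follows the page's example name.
    for url in ("https://gateway1.company.com/", "https://gateway1/",
                "https://192.0.2.10/", "https://gw.notcompany.com/"):
        print(url, check_main_url(url, ["company.com"]) or "OK")
```

Run `check_portal_certificate` from a client network segment against the real Main URL; a returned error string such as a hostname mismatch or an unknown issuer means the certificate selected in item 11 will also produce browser warnings during SAML sign-in.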

Step 2: Configure an Identity Provider object

Important – Do this step for each Security Gateway that participates in Remote Access VPN.

  1. Create a new Identity Provider object.
    1. In SmartConsole R80.40 and higher:
    2. New > More > Server > Identity provider