Difference between revisions of "Checkpoint IPSec"
m (1 revision imported) |
|
(No difference)
|
Latest revision as of 12:52, 11 May 2017
Introduction
This article explains how to modify Checkpoint IP Sec Secure Client so that it can work with PINsafe. This solution was developed with the help of one of our partners, ITogether
This covers the client modification only, at the server end the Checkpoint server needs to be configured to use PINsafe as a RADIUS server. Similarly PINsafe needs to be confgiured to accept RADIUS requests from the Checkpoint server.
Additional information is available from Checkpoint SecureClient Integration
Created a Modified Secure Client
The required files for this modification are available from Here.
he file extensions have been changed to prevent them being blocked by filters etc .dll files to .dlx, and .reg to .rex,
These need to be renamed back again.
First of all, make sure that the SecureClient is not running.
Copy PINsafeAuthGUI.dll to the SecuRemote\bin folder (actually, you can copy it anywhere, as long as you tell SecuRemote where it is). Edit SecuRemote\database\userc.C. Somewhere within the :options section (I put it right at the bottom of the section), copy the contents of GuiLibs.txt. Change the location of the file if it isn't correct.
The RegSettings.rex file contains the settings for where the Client is going to retrieve the TURing image. Edit this file to reflect the settings of the PINsafe server you are working with.
Rename RegSettings.rex to RegSettings.reg, and double-click it to install the registry settings the DLL needs.
You may not need winhttp.dll - it's part of the Windows Platform SDK - but it is included it just in case.
It should be in C:\Windows\System32.
Start SecureClient. Click connect. Under Options, Change Authentication to Secure Authentication API. When you click Connect, you should now see a dialog with a TURing on it.
The password field remains in case a password is required as well as a PIN, but this can be removed if required.
Enter the OTC, and if the server has been configured correctly and the OTC is correct, the user should authenticate.