Technical data

Configuring VSX
Check Point VSX Administration Guide NGX R67 | 68
Configuring Authentication for Specific Virtual Systems
To configure client/session authentication for the VSX Gateway:
1. Back up $FWDIR/CTX/CTX#/conf/cpauthd.conf, where CTX# refers to the specific Virtual System directory.
2. Delete the original $FWDIR/CTX/CTX#/conf/cpauthd.conf.
3. Open $FWDIR/conf/cpauthd.conf to $FWDIR/CTX/CTX#/conf/cpauthd.conf using a text editor.
4. Add or modify the following attributes according to the table:
Attribute             Default Value  Explanation
clauth_port           259            The TCP port on which client authentication over TELNET is performed.
                                     0 = Client authentication over TELNET is disabled.
clauth_http_port      900            The TCP port on which client authentication over HTTP/HTTPS is performed.
                                     0 = Client authentication over HTTP/HTTPS is disabled.
clauth_http_ssl       0              0 = HTTPS client authentication is disabled.
                                     1 = HTTPS client authentication is enabled.
clauth_http_nickname  none           Specifies the certificate nickname when client authentication is performed over HTTPS.
                                     This attribute must match the virtual system certificate nickname as configured using SmartDashboard (Virtual System > VPN > Certificate List).
5. Run cpwd_admin stop -name FWD -path "$FWDIR/bin/fw" -command "fw kill fwd".
6. Run cpwd_admin start -name FWD -path "$FWDIR/bin/fwd" -command "fwd".
Notes
1. cpauthd.conf is used instead of $FWDIR/conf/fwauthd.conf on a non-VSX Gateway.
2. All virtual systems (other than the default Virtual System) are assigned a symbolic link in the $FWDIR/CTX/CTX#/conf/cpauthd.conf file. This link points to $FWDIR/conf/cpauthd.conf, where CTX# refers to the specific Virtual System directory.
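Added example (not part of the Check Point guide): a read-only check, based on Note 2, that reports which Virtual System directories still use the shared cpauthd.conf through the symbolic link and which carry their own copy, so per-Virtual-System authentication settings can be found and reviewed. The function names and the sample directory names CTX_A to CTX_C are constructed for illustration; the only paths assumed are the ones named in the procedure above.

```shell
#!/bin/sh
# Added example: classify each Virtual System's cpauthd.conf as shared or overridden.

# classify_vs_cpauthd FWDIR VSDIR -> prints one of:
#   shared        symlink resolving to $FWDIR/conf/cpauthd.conf (the state Note 2 describes)
#   override      regular file: this Virtual System has its own authentication settings
#   foreign-link  symlink that is dangling or resolves to some other file
#   missing       no cpauthd.conf in the Virtual System's conf directory
classify_vs_cpauthd() {
    global="$1/conf/cpauthd.conf"
    f="$2/conf/cpauthd.conf"
    if [ -L "$f" ]; then
        if [ -e "$f" ] && [ "$f" -ef "$global" ]; then
            echo shared
        else
            echo foreign-link
        fi
    elif [ -f "$f" ]; then
        echo override
    else
        echo missing
    fi
}

# audit_vsx_cpauthd FWDIR -> one "<directory> <state>" line per directory under $FWDIR/CTX
audit_vsx_cpauthd() {
    for vsdir in "$1"/CTX/*/; do
        [ -d "$vsdir" ] || continue
        vsdir=${vsdir%/}
        printf '%s %s\n' "${vsdir##*/}" "$(classify_vs_cpauthd "$1" "$vsdir")"
    done
}

# make_sample_tree -> builds a constructed $FWDIR layout in a temp dir, prints its path
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/conf" "$t/CTX/CTX_A/conf" "$t/CTX/CTX_B/conf" "$t/CTX/CTX_C/conf"
    echo "constructed global file" > "$t/conf/cpauthd.conf"
    ln -s "$t/conf/cpauthd.conf" "$t/CTX/CTX_A/conf/cpauthd.conf"     # untouched VS
    echo "constructed per-VS copy" > "$t/CTX/CTX_B/conf/cpauthd.conf" # after steps 1-4
    ln -s "$t/conf/gone.conf" "$t/CTX/CTX_C/conf/cpauthd.conf"        # dangling link
    echo "$t"
}

# Audit the real gateway when FWDIR is set, otherwise the constructed sample.
if [ -n "${FWDIR:-}" ]; then audit_vsx_cpauthd "$FWDIR"
else s=$(make_sample_tree) && { audit_vsx_cpauthd "$s"; rm -rf "$s"; }; fi
```

A directory reported as override is one whose clauth_port, clauth_http_port and clauth_http_ssl values no longer follow the shared file and need to be reviewed on their own.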
Working with Network Address Translation
This section describes the process for using Network Address Translation (NAT) in a VSX deployment. The
procedures described in this section assume that the reader is familiar with NAT concepts and their
implementation in Check Point products. For more about NAT, see the Network Address Translation chapter
in the R75.20 Firewall Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=12267).
VSX supports NAT for Virtual Systems in much the same manner as a physical firewall. When a NAT-enabled (Static or Hide) Virtual System connects to a Virtual Router, the translated routes are automatically forwarded to the appropriate Virtual Router.