Integration Guide for Check Point VPN

Before starting, make sure GreenRADIUS is configured with users imported from your LDAP and can communicate with your Check Point VPN.

Configuring GreenRADIUS for Check Point VPN

In the GreenRADIUS web admin interface, add the Check Point VPN as a RADIUS client.

  1. Click the Domain tab
  2. Click the domain name where you want to add the Check Point VPN as a RADIUS client
  3. Click the RADIUS Clients tab
  4. Enter the IP address of the Check Point VPN. Then enter the same RADIUS secret twice. Then click the Add button.

RADIUS Client Configuration

Configuring the Check Point VPN

Add GreenRADIUS as a RADIUS Server

  1. Log in to the Check Point VPN SmartConsole
  2. Go to Objects > New Host to add GreenRADIUS details

RADIUS Server Configuration

  3. Go to Objects > More object types > Server > RADIUS. Select the newly created GreenRADIUS host and enter GreenRADIUS details. (Note: Select "PAP" as the protocol.)

RADIUS Server Configuration

Create Users in the Check Point VPN

  1. Go to Objects > More object types > User/Identity > New User
  2. Create new users, making sure that their usernames exactly match their usernames in your LDAP and in GreenRADIUS (assuming they have already been imported into GreenRADIUS)

New User

Create Group in the Check Point VPN

  1. Go to Objects > More object types > User/Identity > New Group, and assign users to this group

New Group

Configure Gateway

  1. Navigate to Gateways & Servers and double click on your gateway
  2. Go to VPN Client > Authentication > Authentication Method and click the Settings button

Gateway Configuration

  3. In the Single Authentication Client Settings, set Authentication Method as RADIUS and specify the configured RADIUS server

Configure Security Policies

  1. Go to Security Policies > Access Control > Policy
  2. Click "+" to add a policy
  3. Right click and select Add Legacy User Access
  4. Select the group in the User Group dropdown menu

Security Policy Configuration

Once all of this has been configured, publish to save the settings.

Publishing

Test Login

  1. To test a VPN login, launch your Check Point Endpoint Security VPN client
  2. Select the appropriate site
  3. Log in with your username and password+OTP. (If you are testing with a YubiKey or Authenticator app OTP, and the OTP Input Method is "Append OTP to password" in GreenRADIUS, then append the OTP to the end of your password in the password field.)

Test Login

  4. If the login is successful, it will show that it is connected

Connected

  5. You can verify that the login was authenticated by GreenRADIUS by going to the GreenRADIUS web admin interface > Reports tab > Authentication Requests report
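
With "PAP" selected on the RADIUS server object and "Append OTP to password" as the OTP Input Method, the gateway sends password+OTP to GreenRADIUS in a single User-Password attribute, hidden only by the RADIUS secret entered on both sides. The following added example (not GreenRADIUS or Check Point code) shows that encoding as defined in RFC 2865 section 5.2; the function names and all sample values are constructed for illustration.

```python
import hashlib
import os
import struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2  # RFC 2865 code / attribute types

def xor_block(block: bytes, secret: bytes, prev: bytes) -> bytes:
    """XOR one 16-byte block with MD5(secret + previous ciphertext block)."""
    pad = hashlib.md5(secret + prev).digest()
    return bytes(b ^ k for b, k in zip(block, pad))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide User-Password as a PAP client does (RFC 2865 section 5.2)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = xor_block(padded[i:i + 16], secret, prev)
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Recover the value as the RADIUS server does, using the same secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += xor_block(block, secret, prev)
        prev = block
    return out.rstrip(b"\x00")

def build_access_request(username, password, otp, secret,
                         identifier=1, authenticator=None) -> bytes:
    """Build an Access-Request carrying User-Name and password+OTP."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password((password + otp).encode(), secret, authenticator)
    attrs = b""
    for atype, value in ((USER_NAME, username.encode()), (USER_PASSWORD, hidden)):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    pkt = build_access_request("alice", "CorrectHorse", "123456",
                               b"constructed-shared-secret")
    print(len(pkt), pkt.hex())
```

Because the keystream is derived from the shared secret and the request authenticator alone, anyone who captures the traffic and knows or guesses the secret can recover password+OTP, so use a long random RADIUS secret and keep the gateway-to-GreenRADIUS path on a trusted network segment.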


Updated 2022-06-08
© 2022 Green Rocket Security Inc. All rights reserved.