2008-04-24
ppawlo
Remote connection by AD certificates - What do you think about it?

Hmm, for a few years we have been using remote connections. We create a certificate on our FW. Next we import this certificate for the user and set a password on it. To connect, people need the CP certificate.
I think it is a very good solution, very secure.
Now we need to reinstall SmartCenter. Unfortunately, after that we will have lost all certificates. We now have about 80 users with certificates. So, before we reinstall SmartCenter, we need to change the connection authentication. By the way, we have only three choices:

1. Authentication by Check Point password
2. Authentication by the user's Active Directory password
3. Authentication by the user's Active Directory certificate

Ad 1. I think it is very insecure. The Check Point password has only 8 letters.
Ad 2. I think it is also insecure. When I know the login name and password of my colleague, I will be able to get not only to their computers but also to their other sites.
Ad 3. I think it is a good solution. I have heard a lot about it and everything looks great. What do you think about this solution? Do you know of any weaknesses in it?

Will our users be able to revoke their certificates remotely or automatically, without an administrator?
Are we able to set it to use a password (strong private key protection)?

Thank you for your help,
Pawel