CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Authentication
Reload this Page Certificate authentication
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-06-02
valery valery is offline
Junior Member
  
Join Date: 2006-06-02
Location: frankfurt
Posts: 1
Rep Power: 0
valery has an average reputation (10+)
Default Certificate authentication
Hello,

I am working on the topic : assigning users to permission groups based on their certificates.
Concerning this matter, I would like to ask two questions

Question 1
----------
Chekpoint NG allows to define rules to match a user's certificate to a permission group based on fields in the certificate's DN.
Is it possible to do it based on an X509 V3 extension ? (Meening the firewall usergroup affiliation is written in the certificate as a V3 extension)


Question 2
----------
Is it possible to restrict the certificates used for the VPN authentication based on their KeyUsage (Digital Signature, Key Encipherment, Non-Repudiation etc...)


As far as I understand the Checkpoint documentation, I did not find any clue how to achieve this goal; how far is it possible to add functionalities to Checkpoint, is it possible to develop an Add-on/Module/Script to enable this functionality ?


Thanks in advance and best regards
Valery
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 04:44.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0