Checkpoint Firewall: How to Configure Local and Remote System Administrators on Checkpoint Firewall.

1. Overview

All Administrator Roles on Checkpoint Firewall:

  • Super Administrator – All permissions. Super Administrators can create new locally defined administrators and change permissions for others.
  • Read Only Administrator – Limited permissions. Read Only Administrators cannot update appliance configuration but can change their own passwords or run a traffic monitoring report from the Tools page.
  • Networking Administrator – Limited permissions. Networking Administrators can update or modify operating system settings. They can select a service or network object but cannot create or modify it.
  • Mobile Administrator – Mobile administrators are allowed all networking operations on all interfaces. They can change their own passwords, generate reports, reboot, change events and mobile policy, and perform active hosts operations and pairing. They cannot log in from or access the WebUI.

Two administrators with write permissions cannot log in at the same time. If an administrator is already logged in, a message shows. You can choose to log in with Read-Only permission or to continue. If you continue the login process, the first administrator session ends automatically.

2. Instructions.

Step 1: Create Administrator Roles.

In the Checkpoint Firewall administrative interface, go to Device > System > Administrators > New.

Since there is a default Super Admin, we will create the remaining Administrator Roles.

Here I will create additional Administrator Roles: Read-Only Admin and Networking Admin.

You can customize the requirements for Administrator Roles in Security Settings.

The Administrator Roles have been created.

Step 2: Check the Administrator Roles permissions.

Read-Only Admin: Log in as admin user John.

If you try to update the Firewall Policy, you will get a message saying that the user does not have permission to configure it.

Next is Networking Admin: Log in as admin user Steven.

If you try to update the Firewall Policy, you will get a message saying that the user does not have permission to configure it.

User Steven only has editing permission in the Device > Network section.

Step 3: Configure for Mobile Admin.

In the Checkpoint Firewall administrative interface, go to Device > System > Administrators > New.

Create admin user Mark with the Mobile Admin role.

Next, click Mobile Pairing Code.

Select administrator: select admin user Mark > click Generate.

On admin Mark's mobile device, download the CheckPoint WatchTower app.

Next, enter your name and provide an email to register an account.

Open the inbox of the email address you registered with; you will receive an email from Checkpoint containing the token code for authentication.

Copy and paste the code in the email into the Code section as shown below.

Click Continue and create a login password for WatchTower. Finally, click Activate.

Click Add Gateway, then scan the QR code shown in the generated Mobile Pairing Code section.

Next enter the Admin Name as Mark and the password created above. If the connection is successful, the CheckPoint WatchTower interface will display as shown below.

Click Settings to check the basic configured parameters of the Checkpoint device.

Click on the 3-dot icon. There will be some options like Reboot and Additional Gateway Settings.

Click Additional Gateway Settings. You can log in as super admin to edit the device configuration on the Mobile interface.
