Introduction

Using Check Point NGX R65, you can control the traffic coming into or going out of your networks. However, sometimes you will need or want to authenticate specific users that are accessing your resources. For example, an administrator might have to download privileged files from a restricted user s workstation, and would need special privileges for a short amount of time. With authentication, Check Point NGX s features are greatly expanded and complement already strong security with the ability to implement security on a per-user basis. Once you understand how NGX authentication works, you will probably find many uses for it in your environment.

Authentication Overview

Check Point NGX works based on the information it has to permit or deny a connection. To authenticate a particular user, the firewall needs additional information to match the user and a connection. The main topic of this chapter addresses the best way to authenticate users so that they can access privileged resources. Check Point Software has made few changes to the way authentication works since it released the NGX R60.

We will first address the issue of which users can authenticate. Check Point NGX is flexible enough to authenticate users created in various sources, databases, or external directory servers. We will then examine the different types of authentication that NGX allows, which are called user, session, and client authentication. We will also touch on SmartDirectory, Check Point s Lightweight Directory Access Protocol (LDAP) implementation.