Layer7 Privileged Access Management

Expand all | Collapse all

Transparent login for client checkpoint

Jump to Best Answer
  • 1.  Transparent login for client checkpoint

    Posted 03-13-2017 11:03 AM
      |   view attached

    Hello guys,

    I'm having trouble setting up transparent login, rpd applications, using the firewall checkpoint client, have you ever done such a setup? If yes, can you send me the xml code?

    thank you!



  • 2.  Re: Transparent login for client checkpoint

    Posted 03-13-2017 11:51 AM

    Hi Paulo,

    Before we can offer you any answer, I'd like to understand what you are trying to do: usually for RDP or for transparent login we are using the mindterm java applet. Do you mean you have created a rdp application and CA PAM is only being used as a tunnel ? And that you are trying to use it to access the remote backend machine ? if so also, how are you setting transparent login ?



  • 3.  Re: Transparent login for client checkpoint

    Posted 03-13-2017 12:54 PM

    Hello Miquel Gilibert

    I created an rdp application for the Checkpoint client, and I need to enter the Checkpoint user and password in the application, I automatically did some tests using learn mode, but it did not work.

     

     

    RDP Application

     

     

     

    Client



  • 4.  Re: Transparent login for client checkpoint

    Posted 03-14-2017 02:38 AM

    Couple of things you need to find out.

     

    1) Is it a windows application or Java based?

    If its windows application then using control viewer you can learn almost all the fields like username/password etc

    In case if this is a java based then you can use Mouse click event of learn mode to specify the user name and password field and login button.

     

    Give it a try and let us know.

     

    Regards,



  • 5.  Re: Transparent login for client checkpoint

    Posted 03-13-2017 01:21 PM

    Hi Paulo,

     

    Your configuration looks like it could be correct, but it is hard to tell without knowing more about the program you are trying to use.

     

    One thing I see is that your Window Title is set to "Checkpoint" but the application screenshot says "Check Point". It is important that the Window title be EXACTLY the same as the actual title. Since this is not using a standard Windows form which displays the name in the titlebar, the learn mode Control Viewer tool can help determine the actual title name.

     

    Also I have written the tech doc below, which includes a bunch of information on how to look into the most common issues we see with Win RDP App Transparent Login.

     

    How-to: Troubleshooting RDP Application Transparent Login:

    https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec1357953.html 

     

    Hope this helps!

    -Christian



  • 6.  Re: Transparent login for client checkpoint

    Posted 03-14-2017 06:48 AM

    Hi Paulo

    From your description it seems rather clear. I take it that nothing is written in the username and password.

    Each application has a different configuration so it is very difficult to give you an xml that works, unless someone has configured the exact same application.

    As Christian is mentioning it is paramount to indicate the right window title for the TL to recognize. To do that, if you are not sure about the window name you can start the learning tool and hover over the window, then copy the name. The name has to be exact.

    You may as well use mouseclick and keystroke to enter the username and password as well, instead of trying to choose the actual instance name

    Please make sure to test it all with the debug utility before going to PAM

    If this all does not work then my advice would be to open a case to take a look

    Best regards



  • 7.  Re: Transparent login for client checkpoint
    Best Answer

    Posted 03-15-2017 05:39 PM

    Hi Paulo,

    You can try the following:

    Make sure the RDP APP's "Window Title:" reads "Check Point SmartDashboard"

    Transparent Login Config:

     

    <window id="">
      <edit id="[CLASS:Edit; INSTANCE:1]" username="true"/>
      <edit id="[CLASS:Edit; INSTANCE:2]" password="true"/>
      <edit id="[CLASS:Edit; INSTANCE:3]" text="x.x.x.x"/>
      <click id="[CLASS:AfxWnd100; INSTANCE:2]"/>
    </window>

     

    Replace "x.x.x.x" with server IP or DNS name

     

    Unfortunately this will not work with CP SmartDashboard version R80 :-(  

    R80 has a different login form that the Learn Tool cannot detect.  I have R80 kind of working (hit or miss) with mouse clicks and keystrokes, but having difficulty getting the transparent login (using the RDP Access Method) to detect the R80 client when "RDP Session:" is checked off within RDP Applications.



  • 8.  Re: Transparent login for client checkpoint

    Posted 03-29-2019 04:34 PM

    Hi AlfrJA99,

    Were you able to get SmartConsole R80 working with Transparent Login?



  • 9.  Re: Transparent login for client checkpoint

    Posted 03-16-2017 09:55 AM

    Hello AlfrJA99,

    It worked, PAM is entering the data in the correct fields, but when the smartdashboard is being started, the session is automatically closed.

     

    Thanks.

     

     

    RDP Application

     

     

    RDP Application



  • 10.  Re: Transparent login for client checkpoint

    Posted 03-16-2017 02:46 PM

    Hello guys,

     

    I was able to resolve the problem, changed the lounch path that was previously C: \ Program Files (x86) \ CheckPoint \ SmartConsole \ R77.30 \ PROGRAM \ CPAppStart.exe to C: \ Program Files (x86) \ CheckPoint \ SmartConsole \ R77 .30 \ PROGRAM \ FwPolicy.exe, and I also published the FwPolicy executable in the Windows Server remote app, and it ran normally.

     

    Thank you all for the support.



  • 11.  Re: Transparent login for client checkpoint

    Posted 12-12-2017 12:37 AM

    Tried FWPolicy.exe without any luck. Can you post your TL configuration for a ref ?