Configuring Local and Remote System Administrators
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 257
To set the Session Timeout value for both local and remotely defined administrators:
1. Click Security Settings.
The Administrators Security Settings window opens.
2. Configure the session timeout (maximum time period of inactivity in minutes). The maximum value is
999 minutes.
3. To limit login failure attempts, click the Limit administrators login failure attempts checkbox.
4. Enter the number of Maximum consecutive login attempts allowed before an administrator is locked
out.
5. In Lock period, enter the time (in seconds) that must pass before a locked out administrator can
attempt to log in again.
6. To enforce password complexity on administrators, click the checkbox and enter the number of days
for the password to expire.
7. Click Apply.
Note - This page is available from the Device and Users & Objects tabs.
To connect the mobile application with the appliance for the first time:
1. Click Mobile Pairing Code.
The Connect Mobile Device window opens.
2. Select an administrator from the pull down menu.
3. Click Generate.
This generates a QR code to connect the Check Point WatchTower mobile application with the
appliance for the first time.
For more information about the mobile application, see the
Check Point SMB WatchTower App User Guide
.
Configuring a RADIUS Server for non-local Quantum Spark Appliance users:
Non-local users can be defined on a RADIUS server and not in the Quantum Spark Appliance. When a non-
local user logs in to the appliance, the RADIUS server authenticates the user and assigns the applicable
permissions. You must configure the RADIUS server to correctly authenticate and authorize non-local
users.
Note - The configuration of the RADIUS Servers may change according to the type of operating system on
which the RADIUS Server is installed.
Note - If you define a RADIUS user with a null password (on the RADIUS server), the appliance cannot
authenticate that user.
Configuring a Steel-Belted RADIUS server for non-local appliance users
1. Create the dictionary file checkpoint.dct on the RADIUS server, in the default dictionary
directory (that contains radius.dct). Add these lines in the checkpoint.dct file:
@radius.dct
MACRO CheckPoint-VSA(t,s) 26 [vid=2620 type1=%t% len1=+2 data=%s%]
ATTRIBUTE CP-Gaia-User-Role CheckPoint-VSA(229, string) r
ATTRIBUTE CP-Gaia-SuperUser-Access CheckPoint-VSA(230, integer) r
To Next Page
Loading...
Need help?
General
