Friday, March 28, 2014

iPad Document security - follow up

Some people from Check Point are still sending me private messages concerning my post about document security iPad app. Some even try to make it personal. Some others are just interested in getting to the bottom of it.

To both groups: I did not make it up, and I have honestly described the issue. Some of you even have the detailed step by step explanation of my experience.

I am sorry if you are upset by that.

I could give a hand to second group to reproduce the issue. I am still not ready to do in on my personal iPad, because I am using it for business purposes, and I have to have it operational. Any other option will be carefully considered.

My door remains open for you.

Thursday, March 27, 2014

Transparent Kerberos SSO with multiple GWs

Check Point Identity Awareness is a neat feature, especially with browser based transparent SSO authentication. It is also a challenging one. There is a lot of configurations to do on AD side, and that is not a strong domain for some of FW administrators. For example, I specifically started working with Check Point to be as far away as possible from a turmoil of Windows administration.

Jokes aside, there is something that Check Point documentation is not covering clear enough.

With Kerberos, one has to configure Kerberos Principal Name with a use account. Identity Awareness admin Guide is covering this point fairly well, on pages 58-59 (R77 version of the document). There is a caveat though. The document is written under assumption there is only a single FW or clsuter enforcing user identity with Kerberos. Ktpass command should how to map Kerberos parameters to the user account in the document are only working for a single portal URL.

What if one has more than one GW? Ktpass is no use here. Instead, administrators have to edit servicePrincipalName with Multi-valued String Editor to add multiple URLs there to enable IA working for the same user through multiple Identity Awareness enabled gateways. To simplify the config, just refer to this screenshot bellow.

Monday, March 17, 2014

Great collections of Check Point "How to" links

If you have not seen it yet, there is a great collection of "how to" solutions and guides in SK65385. It has been last updated 14th of March 2014, and I can guess, Check Point is adding new entries there from time to time.

If you do not know, how to start with some complex issue, that would be a good place to start. As complexity of SecureKnowledge grows fast, we need such high level references.

Great job, SecureKnowledge teem, great job indeed!

Thursday, March 6, 2014

Stay away from Document security app on iPad

I have had to install Check Point Document Security application on my iPad the other night. I did not want to, but Check Point guys have sent me some secured doc. So I had to. Big, big mistake.

This morning my iPad was fully charged, this afternoon the battery was completely drained. Considering it was just lying on the table half a day, that was odd. Obviously some app was stuck using CPU. So I have managed to charge it again to around 15% and started to kill applications one by one.

When I was trying ti kill Document Security, iPad crashed. I have charged it again, same drill. I could not close this bloody app! More, I could not charge it to a decent percentage anymore. Once charged to 10%, iPad was booting, then some app was eating all the power again.

It took me some tricks to finally kill it. Guess what? Once I have done that, the battery percentage jumped from 9% to 23%.

I guess there is just a few people writing Apple apps in Check Point. I would sincerely ask them to do some QA. SecureKnowledge app is great, but it is crashing with iOS 7. But at least you have other means to get your support cases, one can access them from Safari. With document security one has to use an app, there is no other way around.

So guys, please stop releasing half backed good, that gives a wrong impression. Pretty please...

------------- UPDATE--------------

I have been contacted by Check Point concerning this issues. It seems they could not reproduce it, even after my deliberate explanation of my case. And guess what, my SecureKnowledge app is not crashing anymore. That's a miracle.

Monday, March 3, 2014

3D Security report tool is now fully integrated into R77.10

If you have been following my posts about 3D Security Analysis Report tool, there are good news. Check Point has made an effort to integrate the tool completely with R77.10 release.

No more packages to install, just fire up the version, open Event Analysis GUI and check 3D Security Analysis Report under View options.

You will still need MS Office installed on the machine generating reports.