Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Authenticating CheckPoint FW-1 via a script Internet
If you need to frequently perform client-authentication to a Checkpoint Firewall-1 via HTTPS, this can be scripted thusly:

#!/bin/sh
export USERID=your_userid
export ENCPWD=your_password
export NGWID=`curl -k https://firewall-1/ | grep ID | cut -d\" -f6`
curl  -k --data "ID=$NGWID&STATE=1&DATA=$USERID" https://firewall-1/
curl  -k --data "ID=$NGWID&STATE=2&DATA=$ENCPWD" https://firewall-1/
curl  -k --data "ID=$NGWID&STATE=3&DATA=1" https://firewall-1/
Note that your ENCPWD needs to be URI escaped if it contains special characters. If you have the Perl module URI::Escape installed you can do this with:

export ENCPWD=`perl -MURI::Escape -e "print uri_escape('your_password')"`
If the firewall requires a password based on a RSA token then insert the following:

echo -n "Enter key: "; read xx
echo "Thanks"
export ENCPWD=`perl -MURI::Escape -e "print uri_escape('$xx')"`
[robg adds: I haven't tested this one...]
    •    
  • Currently 2.75 / 5
  You rated: 3 / 5 (4 votes cast)
 
[6,987 views]  

Authenticating CheckPoint FW-1 via a script | 2 comments | Create New Account
Click here to return to the 'Authenticating CheckPoint FW-1 via a script' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Authenticating CheckPoint FW-1 via a script
Authored by: grrr223 on Jan 17, '04 06:42:49PM

How does this work exactly?

I changed the USERID and ENCPWD to my username and password, and I changed "firewall-1" to the ip address of my checkpoint server. Is that right?

But when I run it, it says it fails to connect when it runs the curl command.

I don't know much about Checkpoint, I was just recently able to get Checkpoint SecuRemote to work from within Virtual PC successfully which was pretty cool. Does anything need to be changed on the server side to my account to let me authenticate through https?

Actually, I don't know much about scripts either. What exactly do I have to do to get those lines to run. I just cut and pasted them into the terminal and it started running them, so I assume that at least works.

Would this script let me authenticate and use Remote Desktop Client all natively from within OS X?

Thanks everyone :)!



[ Reply to This | # ]
Authenticating CheckPoint FW-1 via a script
Authored by: kngfisher on Feb 17, '04 07:05:02PM

How did you get Securemote to work under VirtualPC? Which version os VirtualPC, Windows, securemote?



[ Reply to This | # ]