I found this from an old FP3 doc. I think little, if anything, has changed with this in the new versions.
-GS

Communications Between the SmartCenter Server and the SMART Client

On the SmartCenter Server, the SMART client must be defined as being authorized to connect to the SmartCenter Server. For information on how to do this, see “Administrators” on page 136 (for Windows) or “Administrators” on page 154 (for Unix) of the Check Point Getting Started Guide.

When invoking the SmartDashboard on the SMART client, the VPN-1/FireWall-1 administrator is asked to identify himself and to specify the IP address of the SmartCenter Server. The SMART client initiates an SSL based connection with the SmartCenter Server. The SmartCenter Server verifies that the Client’s IP address belongs to an authorized SMART client, and sends back its certificate. Upon authenticating the SmartCenter Server's certificate, the administrator is asked to verify that the right SmartCenter Server is connected. Verification is done using the SmartCenter Server fingerprint (see the Check Point Getting Started Guide “How to Use the Fingerprint to Confirm the Identity of the SmartCenter Server” on page 151). The fingerprint is a text string that represents a certain hash value computed from the SmartCenter Server certificate.

Once the administrator approves the identity of the SmartCenter Server, the administrator’s name and password are securely sent to the SmartCenter Server. The administrator’s name and password are used to authenticate the user as a Policy Management authorized user.

________________________________
From: Warrington Bruce - bwarri <[email protected]>
To: [email protected]
Sent: Thu, May 13, 2010 5:16:16 PM
Subject: Re: [FW-1] Need knowledge and documentation about CPMI

Are you getting this question from an auditor, like we are as well?
If so, the standard low-tech audit script usually asks for documentation that the user login credentials are encrypted (meaning between the GUI client and the SmartCenter server in this case). It's the same question they would ask about logging into anything else, from a web site with confidential information, to your desktop login from your PC, and the auditor rarely understands even what the difference is between any of the above.

Unfortunately, I've not found any Check Point documentation that explicitly says "login credentials" or "password" when talking about how the connection is encrypted. Your passwords *are* encrypted (you can prove it to a technical person with a sniffer trace), but I always seem to have problems convincing the auditor that the doc about encrypted communications applies to the login as well, because they aren't really sure what they should accept as documentation for each question. They basically just want documentation to exactly match the phrase they were looking to find from the question, or they flag it as not properly documented for the audit.

If you're running into the same situation, let me know if you find something I've missed in the documentation searches I've done, because I've not seen the exact words they were looking for.

Bruce

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of a bv
Sent: Thursday, May 13, 2010 04:28
To: [email protected]
Subject: [FW-1] Need knowledge and documentation about CPMI

Hi list,

I need information and documentation proof about CPMI and how secure it is. Is it encrypted, etc.?

Regards
