Symantec Privileged Access Management

Hello guys,

I'm having trouble setting up transparent login, rpd applications, using the firewall checkpoint client, have you ever done such a setup? If yes, can you send me the xml code?

thank you!

Hi Paulo,

Before we can offer you any answer, I'd like to understand what you are trying to do: usually for RDP or for transparent login we are using the mindterm java applet. Do you mean you have created a rdp application and CA PAM is only being used as a tunnel ? And that you are trying to use it to access the remote backend machine ? if so also, how are you setting transparent login ?

Hello Miquel Gilibert

I created an rdp application for the Checkpoint client, and I need to enter the Checkpoint user and password in the application, I automatically did some tests using learn mode, but it did not work.

Couple of things you need to find out.

1) Is it a windows application or Java based?

If its windows application then using control viewer you can learn almost all the fields like username/password etc

In case if this is a java based then you can use Mouse click event of learn mode to specify the user name and password field and login button.

Give it a try and let us know.

Regards,

Hi Paulo,

Your configuration looks like it could be correct, but it is hard to tell without knowing more about the program you are trying to use.

One thing I see is that your Window Title is set to "Checkpoint" but the application screenshot says "Check Point". It is important that the Window title be EXACTLY the same as the actual title. Since this is not using a standard Windows form which displays the name in the titlebar, the learn mode Control Viewer tool can help determine the actual title name.

Also I have written the tech doc below, which includes a bunch of information on how to look into the most common issues we see with Win RDP App Transparent Login.

How-to: Troubleshooting RDP Application Transparent Login:

https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec1357953.html 

Hope this helps!

-Christian

Hi Paulo

From your description it seems rather clear. I take it that nothing is written in the username and password.

Each application has a different configuration so it is very difficult to give you an xml that works, unless someone has configured the exact same application.

As Christian is mentioning it is paramount to indicate the right window title for the TL to recognize. To do that, if you are not sure about the window name you can start the learning tool and hover over the window, then copy the name. The name has to be exact.

You may as well use mouseclick and keystroke to enter the username and password as well, instead of trying to choose the actual instance name

Please make sure to test it all with the debug utility before going to PAM

If this all does not work then my advice would be to open a case to take a look

Best regards

Hi Paulo,

You can try the following:

Make sure the RDP APP's "Window Title:" reads "Check Point SmartDashboard"

Transparent Login Config:

<window id="">
  <edit id="[CLASS:Edit; INSTANCE:1]" username="true"/>
  <edit id="[CLASS:Edit; INSTANCE:2]" password="true"/>
  <edit id="[CLASS:Edit; INSTANCE:3]" text="x.x.x.x"/>
  <click id="[CLASS:AfxWnd100; INSTANCE:2]"/>
</window>

Replace "x.x.x.x" with server IP or DNS name

Unfortunately this will not work with CP SmartDashboard version R80 :-(  

R80 has a different login form that the Learn Tool cannot detect.  I have R80 kind of working (hit or miss) with mouse clicks and keystrokes, but having difficulty getting the transparent login (using the RDP Access Method) to detect the R80 client when "RDP Session:" is checked off within RDP Applications.

Hi AlfrJA99,

Were you able to get SmartConsole R80 working with Transparent Login?

Hello AlfrJA99,

It worked, PAM is entering the data in the correct fields, but when the smartdashboard is being started, the session is automatically closed.

Thanks.

Hello guys,

I was able to resolve the problem, changed the lounch path that was previously C: \ Program Files (x86) \ CheckPoint \ SmartConsole \ R77.30 \ PROGRAM \ CPAppStart.exe to C: \ Program Files (x86) \ CheckPoint \ SmartConsole \ R77 .30 \ PROGRAM \ FwPolicy.exe, and I also published the FwPolicy executable in the Windows Server remote app, and it ran normally.

Thank you all for the support.

Tried FWPolicy.exe without any luck. Can you post your TL configuration for a ref ?