Setup instructions for sending SMS from Check Point Connectra
This installation guide gives detailed instructions on how to configure Check Point Connectra to send SMS messages with the help of Ozeki NG SMS Gateway. Please follow the instructions and refer to the configuration screenshots as well.
With Ozeki's solution for Check Point Connectra you can add an SMS extension to your IT system. In practice, Check Point Connectra includes Dynamic ID, a new method for password delivery that makes two-factor authentication possible. After you provide your password during the initial login, the Check Point gateway generates another, one-time password. This password is sent to a given mobile phone as an SMS message with the help of Ozeki NG SMS Gateway.
This solution makes your IT environment more secure. It also has further advantages: the generated passwords expire automatically after they have been used. The administrator can also adjust settings to improve security, for example by presetting how long passwords remain valid. Furthermore, the administrator can set what should happen if you or your employees fail to use the generated one-time password: the system can deny access to resources partially or completely. The administrator can also set which specified options requiring SMS authentication should be allowed or denied.
If you decide to set up an SMS system in your company, you will get a well-functioning and reliable system, as this excellent solution offers a secure way to handle corporate passwords.
Prerequisites
To set up this solution you need a way to connect your system to the mobile network. You can do this over an Internet connection, or you can set up a wireless connection by attaching a GSM phone or GSM modem to your computer. To help you decide, we have prepared a webpage for you:
Internet based SMS connections vs. GSM modem based (wireless) SMS connections.
Depending on what you select, you need the following prerequisites.
Prerequisites for Internet based connection to the Mobile network
If you wish to connect your system to an SMS service
provider over the Internet you need the following components:

Figure 1/a - Prerequisites for Ozeki NG SMS
Gateway IP SMS connection
In this case you need to find an SMS service
provider who can reach the mobile phones in your area. This SMS
service provider should be able to provide SMS service through
the Internet. To find such a provider, you can check our
website where we list some of them:
SMPP SMS Service providers.
Once you have found such a provider, you need to sign up for
their service to get the connection parameters. You can use these parameters
to configure your Ozeki NG SMS Gateway software.
Prerequisites for wireless (GSM modem) connection to the Mobile network
If you wish to connect your system to the mobile network wirelessly, you need a GSM modem or GSM phone that you can attach to your computer with a data cable. In this case your Ozeki NG SMS Gateway software will operate this phone and will send and receive SMS messages wirelessly. To set up this connection method, you need the following components:
Figure 1/b - Prerequisites for Ozeki NG SMS
Gateway GSM modem connection
Your checklist (for GSM modem connection):
*The SIM card will come with a plan, that will
determine how much money you will spend on each SMS.
System architecture
Ozeki's solution enables your system to send a one-time password
to given mobile devices. These devices can be mobile phones or PDAs. This process
works as follows:
You log into your system with a username and a password. Check Point Connectra makes two-factor authentication possible: it generates a One-Time Password and sends this generated password in an HTTP request to Ozeki NG SMS Gateway. The Ozeki gateway processes the request and sends an SMS containing this new password to the given mobile phone (Figure 2).
Figure 2 - Ozeki NG SMS Gateway - solution
for how to send SMS from Check Point Connectra
Configuration guide
If you wish to add SMS functionality to Check Point Connectra
please follow the steps of this guide!
Step 1. Configure Connectra gateway
To configure your system you need the Check Point Connectra gateway and another computer from which you will control this system. First, start the Connectra gateway and log into the system. If this is your first login, log into the Connectra console with the default username "admin" and the default password "admin". You first have to change the password and then the username as well (Figure 3).
Figure 3 - First login
Then enter expert mode by typing "expert" into the console. You need to provide your password to be able to enter expert mode. After you enter it, specify another password that will be used to enter expert mode from then on. The "vi" text editor is installed on the gateway by default. To start this text editor, type "vi" into the console (Figure 4).
Figure 4 - Expert mode
Once it has started, you will see the following (Figure 5):
Figure 5 - Vi text editor
Press "i" to enter insert mode and type the usernames and their phone numbers, separating them with a space, in the following syntax:
Name <space> phone number
Please note that only digits are processed after the <space>, so take care when you enter this data (Figure 6). For example:
user1 06301234567
user2 06209876543
user3 06704563219
Figure 6 - Inserted numbers
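A check for the SmsPhones.lst format described above, as an added example that is not part of the original guide or of Check Point's or Ozeki's software. It assumes that non-digit characters after the space are dropped rather than rejected, which the guide does not specify, and it also flags duplicate user names; the last three sample lines are constructed.

```python
import re

# Constructed sample; the first three lines are the guide's own example.
SAMPLE = """\
user1 06301234567
user2 06209876543
user3 06704563219
user4 +36 30 123-4567
user5
user1 06301112222
"""


def check_phone_list(text):
    """Return (entries, problems) for SmsPhones.lst content.

    entries  maps user name -> digits found after the first space
    problems lists (line number, message) for lines that need attention
    """
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        name, _, rest = line.partition(" ")
        # Assumption: anything that is not a digit is ignored by the gateway.
        digits = re.sub(r"\D", "", rest)
        if not digits:
            problems.append((lineno, "no phone number for %r" % name))
            continue
        if digits != rest:
            msg = "non-digit characters in %r, digits are %s" % (rest, digits)
            problems.append((lineno, msg))
        if name in entries:
            problems.append((lineno, "duplicate user %r" % name))
            continue
        entries[name] = digits
    return entries, problems


if __name__ == "__main__":
    users, issues = check_phone_list(SAMPLE)
    for lineno, message in issues:
        print("line %d: %s" % (lineno, message))
    print("%d usable entries" % len(users))
```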
When you have finished, press "backspace" and enter the following command (Figure 7):
:wq! $CVPNDIR/conf/SmsPhones.lst
This command saves the data to the file "SmsPhones.lst" in the folder "$CVPNDIR/conf" and exits the editor.
Figure 7 - Create SMS phone file
When you have finished, press "Enter". For the changes to take effect, reboot your gateway: type "reboot" and press "Enter" again (Figure 8).
Figure 8 - Reboot gateway
Check Point Connectra will ask whether you really want to reboot. If you press "yes", the reboot process starts (Figure 9).
Figure 9 - Connectra reboot starts
The following steps show how to configure the IP address of the gateway if it is not suitable for some reason. In our example the default IP address is 192.168.1.1, and the address will be changed to the following one: 192.168.91.200.
To change the IP address, first type "sysconfig". This starts the system configuration of Connectra (Figure 10).
Figure 10 - Sysconfig starts
The first menu is "Network configuration menu". In it, select the fourth menu item: "Network Connections" (Figure 11).
Figure 11 - Network Connections
Then in "Network connections configuration menu" select the
second menu item: "Configure Connection" (Figure 12).
Figure 12 - Configure a network connection
Select the requested connection (in our example: "eth0").
To configure this connection press "1" (Figure 13).
Figure 13 - Configure ethernet0 connection
The following menu item will change the actual IP address: "Change IP Settings". To do this press "1" (Figure 14).
Figure 14 - Change IP settings
Then you need to provide an IP address and a netmask that are appropriate for this connection. When you have finished, press "Enter" (Figure 15).
Figure 15 - IP address and netmask
Now close the "Settings" menu with the help of "E" and "Q". When you have finished, reboot the gateway again by typing "reboot".
Step 2. Configure Connectra gateway with "First time configuration wizard"
Then start the operating system and type in the browser: "https://192.168.91.200:4433". Please note that "192.168.91.200" is the changed IP address. The "First time configuration wizard" of Connectra starts automatically. On the first page you can read the license agreement. Click on "I accept" (Figure 16).
Figure 16 - License Agreement
Log in with the username and password you set at your first login to the Connectra gateway. Click on "Login". After you log in, the wizard appears again. Click on "Next" (Figure 17).
Figure 17 - Configuration welcome page
On the next page you will find network connections assigned to
the gateway. Click on
"Next" (Figure 18).
Figure 18 - Network connections
On the next page there is the routing table. You need to define
a default route. Click on "New" and "Default route" menu item in it (Figure 19).
Figure 19 - New default route
Once you have defined a default route, click on "Next". On the next page you need to define a hostname for the gateway. In our example it will be "Connectra" (Figure 20).
Figure 20 - Connectra host name
When you have finished, click on "Next". On the next page you can set the date and time. If you do not want to change it, click on "Next" (Figure 21).
Figure 21 - Date configuration
On the next page you can define Web and SSH clients (Figure 22).
Figure 22 - Web and SSH clients
Then you need to select the management type of your
gateway: "Locally" or "Centrally" (Figure 23).
Figure 23 - Management type
Then you need to add a GUI client, that is, the IP address or hostname of the computer from which the gateway will be configured. You can log in and configure the gateway only from this computer. When you have finished, click on "Apply" (Figure 24).
Figure 24 - Add GUI client
Then you can see the added client. Click on "Next" (Figure 25).
Figure 25 - Added GUI client
Now provide the name and password of the administrator (Figure
26).
Figure 26 - Enter Connectra administrator
Next you need to download "SmartConsole" (Figure 27).
Figure 27 - Smart console application
Click on "Download" and install the application. At the end of the installation you will get a notification, and on the next page you will get a summary of the gateway's configuration (Figure 28).
Figure 28 - Configuration summary
Click on "Finish". A window appears asking if you really want to
continue. Click on "Yes" (Figure 29).
Figure 29 - Configuration process
By clicking "Yes" you start the installation. At the end of the installation a window notifies you that the installation is complete. Click on "OK" and you can close the gateway (Figure 30).
Figure 30 - Configuration finished
Step 3. Final configuration with SmartDashboard
Now start the following application: "SmartDashboard R65".
A window appears, type the necessary data in it: provide the administrator's
username and password,
and the address of "SmartCenter Server": "192.168.91.200". Please note that this
is the changed IP address (Figure 31).
Figure 31 - SmartDashboard connection
On the next page you need to approve the fingerprint of the
SmartCenter Server (Figure 32).
Figure 32 - Approve fingerprint
Now the SmartDashboard window appears (Figure 33).
Figure 33 - SmartDashboard
Now you need to enter the users you defined, together with their telephone numbers, at the Check Point Connectra gateway. To do so, click on "Users and Authentication/Internal users/Users" (Figure 34).
Figure 34 - Users
On the right panel click on "New user" and then "Default"
(Figure 35).
Figure 35 - Add a default user
In the "Login Name" line provide the username you defined at the gateway previously. Then click on the "Authentication" pane (Figure 36).
Figure 36 - Add a username
In the "Authentication" pane select "Check Point Password" in
"Authentication Scheme" line. You also need to provide a password which will be
used by the defined user (Figure 37).
Figure 37 - User password
Then you can see the provided users (Figure 38).
Figure 38 - Created users
Now click on "Authentication to Connectra" at the
Authentication sub-menu (Figure 39).
Figure 39 - Authentication to Connectra
Check the following option: "Challenge users to provide an OTP received at their mobile device via SMS". Then fill in the following data (note that 192.168.91.250 is the IP address where Ozeki NG SMS Gateway has been installed):
For SMS Provider URL:
http://192.168.91.250:9501/api?$APIID&username=$USERNAME&password=$PASSWORD&recipient=$PHONE&messagetype=SMS:TEXT&messagedata=$MESSAGE
Username: admin
Password: abc123
(Please note that this username and password belong to the default user of Ozeki NG SMS Gateway.)
API ID: action=sendmessage
Please note that you need to enter the connection strings in one line without line breaks!
Then click on "Advanced" (Figure 40).
Figure 40 - OTP settings
In the first menu item, specify how SMS authentication is required, the length of the one-time password, and the validity period of this password. You can provide your message text in the "SMS Message" part. For example (Figure 41):
Dear $NAME! Your one-time verification code to Connectra is: $CODE
Please note that "$NAME" holds the username and "$CODE" will be the one-time password that is sent.
Figure 41 - Advanced two factor
authentication settings
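The SMS Provider URL and SMS Message templates above, expanded into the single HTTP request that results, as an added example that is not code from Check Point or Ozeki. It shows that with an http:// URL the Ozeki password and the one-time password travel in the query string of a cleartext request. The percent-encoding of the substituted values is an assumption, and the user, phone number and code are constructed sample values.

```python
from string import Template
from urllib.parse import parse_qs, quote, urlsplit

# Templates copied from the guide; the URL must be entered as a single line.
URL_TEMPLATE = ("http://192.168.91.250:9501/api?$APIID&username=$USERNAME"
                "&password=$PASSWORD&recipient=$PHONE"
                "&messagetype=SMS:TEXT&messagedata=$MESSAGE")
SMS_TEMPLATE = "Dear $NAME! Your one-time verification code to Connectra is: $CODE"


def build_request(name, phone, code, username="admin", password="abc123",
                  api_id="action=sendmessage"):
    """Expand both templates into the request URL.

    Assumption: values are percent-encoded before substitution; the guide
    does not say how Connectra encodes them.
    """
    message = Template(SMS_TEMPLATE).substitute(NAME=name, CODE=code)
    return Template(URL_TEMPLATE).substitute(
        APIID=api_id,  # inserted as-is: it is itself a key=value pair
        USERNAME=quote(username, safe=""),
        PASSWORD=quote(password, safe=""),
        PHONE=quote(phone, safe=""),
        MESSAGE=quote(message, safe=""),
    )


def review(url):
    """List what the expanded request exposes in transit and in URL logs."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    findings = []
    if parts.scheme != "https":
        findings.append("cleartext transport: %s://" % parts.scheme)
    if "password" in query:
        findings.append("gateway password in query string")
    if "messagedata" in query:
        findings.append("SMS text with one-time password in query string")
    if any(c in url for c in "\r\n "):
        findings.append("whitespace or line break in URL")
    return findings


if __name__ == "__main__":
    url = build_request("user1", "06301234567", "493817")  # constructed values
    print(url)
    for finding in review(url):
        print("-", finding)
```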
You can also set other options for this password.
When you have finished, click on "OK". Then click on the "Install" menu item in the "Policy" menu (Figure 42). Note that at least one application and one access to application need to be defined to do this.
Figure 42 - Install policy
Step 4. Test the system
Now the configuration is complete. To test the system, I type in the browser: "https://192.168.91.200". In the window that appears I provide a username and password that have been defined at SmartDashboard and click on "Sign In" (Figure 43).
Figure 43 - Connectra portal
Next you can see that Connectra has sent the One-Time Password
and it waits for the user to type it in (Figure 44).
Figure 44 - Verification code sent from
Connectra
In Ozeki NG SMS Gateway you can check the sent password
(Figure 45).
Figure 45 - Sent message in Ozeki
If this password is typed into Connectra and "Submit" is clicked, the user can enter Connectra (Figure 46).
Figure 46 - Entered code in Connectra
Thank you for reading this guide!
If you wish to add SMS
functionality to your IT system please download Ozeki NG SMS Gateway from the
download page!