Page 316 / 428
Scroll up to view Page 311 - 315
Installing a Certificate
302
Check Point ZoneAlarm User Guide
In this field…
Do this…
Valid Until
Use the drop-down lists to specify the month, day, and year when this
certificate should expire.
Note:
You must renew the certificate when it expires.
Importing a Certificate
To install a certificate
1.
Click
VPN
in the main menu, and click the
Certificate
tab.
The
Certificate
page appears.
2.
Click
Install Certificate
.
The
ZoneAlarm Certificate Wizard
opens, with the
Certificate Wizard
dialog box
displayed.
3.
Click
Import a security certificate in PKCS#12 format
.
The
Import Certificate
dialog box appears.
4.
Click
Browse
to open a file browser from which to locate and select the file.
The filename that you selected is displayed.
Page 317 / 428
Installing a Certificate
Chapter 14: Secure Remote Access
303
5.
Click
Next
.
The
Import-Certificate Passphrase
dialog box appears. This may take a few moments.
6.
Type the pass-phrase you received from the network security administrator.
7.
Click
Next
.
The
Done
dialog box appears, displaying the certificate's details.
8.
Click
Finish
.
The ZoneAlarm router installs the certificate. If a certificate is already installed, it is
overwritten.
The Certificate Wizard closes.
The
Certificates
page displays the following information:
•
The gateway's certificate
•
The gateway's name
•
The gateway certificate's fingerprint
•
The CA's certificate
•
The name of the CA that issued the certificate
•
The CA certificate's fingerprint
Page 318 / 428
Uninstalling a Certificate
304
Check Point ZoneAlarm User Guide
•
The starting and ending dates between which the gateway's certificate and the
CA's certificate are valid
Uninstalling a Certificate
A certificate is required for the correct functioning of the VPN Server. If you uninstall the
certificate, VPN Clients configured for certificate authentication will not be able to connect
to the VPN Server.
Note:
If you want to replace a currently-installed certificate, there is no need to
uninstall the certificate first. When you install the new certificate, the old certificate
will be overwritten.
To uninstall a certificate
1.
Click
VPN
in the main menu, and click the
Certificate
tab.
The
Certificate
page appears with the name of the currently installed certificate.
2.
Click
Uninstall
.
A confirmation message appears.
3.
Click
OK
.
The certificate is uninstalled.
A success message appears.
4.
Click
OK
.
Page 319 / 428
Viewing VPN Tunnels
Chapter 14: Secure Remote Access
305
Viewing VPN Tunnels
You can view a list of currently established VPN tunnels.
To view VPN tunnels
1.
Click
Reports
in the main menu, and click the
VPN Tunnels
tab.
The
VPN Tunnels
page appears with a table of open VPN tunnels.
The
VPN Tunnels
page includes the information described in the following table.
2.
To refresh the table, click
Refresh
.
Page 320 / 428
Viewing VPN Tunnels
306
Check Point ZoneAlarm User Guide
Table 73: VPN Tunnels Page Fields
This field…
Displays…
Type
The currently active security protocol (IPSEC).
Source
The IP address or address range of the entity from which the tunnel
originates.
The entity's type is indicated by an icon. See
VPN Tunnel Icons
on page
307.
Destination
The IP address or address range of the entity to which the tunnel is
connected.
The entity's type is indicated by an icon. See
VPN Tunnel Icons
on page
307.
Security
The type of encryption used to secure the connection, and the type of
Message Authentication Code (MAC) used to verify the integrity of the
message. This information is presented in the following format: Encryption
type/Authentication type.
In addition, if IPSec compression is enabled for the tunnel, this field displays
the
icon.
Note:
All VPN settings are automatically negotiated between the two sites.
The encryption and authentication schemes used for the connection are the
strongest of those used at the two sites.
Your ZoneAlarm router supports AES, 3DES, and DES encryption schemes,
and MD5 and SHA authentication schemes.
19216811.live