Check Point Mobile Access Plugin

Protecting your site with CryptoPhoto is quick and easy.

Check Point Mobile Access Help

CryptoPhoto for Mobile Access

Before being able to deploy the CryptoPhoto Check Point Mobile Access plugin, you must register a new CryptoPhoto administration account and obtain API Keys, which will be used to configure CryptoPhoto for Check Point Mobile Access.

Creating and configuring a CryptoPhoto administration account is described here.

Download Check Point Plugin RPM

CryptoPhoto Check Point Mobile Access Plugin (R80): cryptophoto-1.0-101.mobileaccess.R80.gaia.noarch.rpm

CryptoPhoto Check Point Mobile Access Plugin (R77): cryptophoto-1.0-101.mobileaccess.R77.gaia.noarch.rpm

Install & Configure

Install the rpm package on the machine where your Check PointMobile Access blade service is deployed

$> rpm -ivh --replacefiles cryptophoto-1.0-101.mobileaccess.R80.gaia.noarch.rpm
$> rpm -ivh --replacefiles cryptophoto-1.0-101.mobileaccess.gaia.noarch.rpm

Once the package is installed you can start configuring the plugin. First we need to set the API Keys that will be used with the CryptoPhoto deployment. Execute the following command:

$> /etc/cryptophoto/

And follow the onscreen instructions. Example:

$> /etc/cryptophoto/
Configure CryptoPhoto plugin (see on how to aquire API keys)
Enter CryptoPhoto Public API key []: dsaldkasldk
Enter CryptoPhoto Private API key []: vsnekmlasdf
A SALT (random string) is needed to hash your users IDs. Once set, it must not be changed.
Enter SALT[]: 7nse8nceneoi
Updating $cppubkey in /opt/CPcvpn-R80/phpincs/CryptoPhotoConf.php.
Updating $cpprivkey in /opt/CPcvpn-R80/phpincs/CryptoPhotoConf.php.
Updating $cpsalt in /opt/CPcvpn-R80/phpincs/CryptoPhotoConf.php.
Enable CryptoPhoto service (y/n): y
Changing ENABLE_CRYPTOPHOTO to 1 in /opt/CPcvpn-R80/phpincs/CryptoPhotoConf.php.
Restart Mobile Access blade services? (y/n): y
Restarting Mobile Access blade services...
Portal stopped
Mobile Access: Successfully started Mobile Access services.
Configuration finished.

Notes: The "Salt" is used to create unique user IDs. It is recommended to use a random string and once set, not to change it, otherwise the CryptoPhoto settings for each of your users will be reset.

Additionally, the administrator can enable/disable CryptoPhoto Service. Edit file /opt/CPcvpn-R80/phpincs/CryptoPhotoConf.php (or /opt/CPcvpn-R77/phpincs/CryptoPhotoConf.php for Gaia R77) and change the value of ENABLE_CRYPTOPHOTO to 1 (enable) or 0 (disable).

From this point on, your users can download/enroll new tokens for CryptoPhoto Authentication by accessing "Settings/CryptoPhoto Settings" menu option:

Uninstall CryptoPhoto

Should you need to remove CryptoPhoto, uninstallation is simply:

$> rpm -e cryptophoto-mobileaccess-gaia-R80-1.0-101
$> rpm -e cryptophoto-mobileaccess-gaia-1.0-101


Example of Enrollment and Authentication using CryptoPhoto for Check Point Mobile Access.