Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

OPSEC Partners

Check Point UserAuthority Server for Citrix Presentation Server
and Microsoft Terminal Server

Product Version Certified: Citrix MetaFrame XP FP1 Terminal Server Windows 2000 Server
Certified for use with: Check Point Next Generation

Product Description:  Check Point UserAuthority Server for Citrix Presentation Server and Microsoft Terminal Server provides single sign-on for connections that were opened from a Citrix Presentation Server server or a Microsoft Terminal Server. This allows the VPN-1/FireWall-1 gateway to enforce a user-based access control and auditing policy for Citrix and Terminal Server users.

     
Key Features and Benefits
OPSEC Integration 		  Citrix Systems, Inc.
 
Company Description: Citrix's passion is to simplify information access for everyone. As the only enterprise software company 100% focused on access, this is also our unique passion. Citrix products solve particular access pain points for customers. They are also built to work better together - to interoperate seamlessly with each other as a platform, and through our partners, with virtually any existing IT environment. The Citrix Access Platform is an integrated, end-to-end system that enables IT teams to deliver the best access experience to end-users, wherever they are, securely, efficiently and cost-effectively. Citrix is the global leader and most trusted name in on-demand access. More than 160,000 organizations around the world use the Citrix Access Platform to provide the best access experience to any application for any user.
 
 
Key Features and Benefits

Using UAS with Citrix or Terminal Server provides the following benefits:

  • Single Sign-on - Rules for access control and logging on VPN-1/FireWall-1 (based on User Groups) inspect outbound traffic from the Terminal Sever. The user's identity, based on the original user's login to the Terminal Server, is securely passed to VPN-1/FireWall-1 through UAS. Because VPN-1/FireWall-1 knows the user's identity there is no need for re-authentication.
  • Logging - Once a user's identity is known, standard logging features from Check Point and OPSEC partners can be utilized to report user access to the Internet and other resources.
  • Access Control - Once a user's identity is known VPN-1/FireWall-1 can restrict access to resources (HTTP and others) based on a user's group membership.
  • Integration with ActiveDirectory - Users and groups can be used directly from Microsoft ActiveDirectory and various LDAP servers.
  • WebAccess Integration - WebAccess, can use a user's identity for single sign-on, access control, and logging services on a web server. Please see the "UserAuthority User Guide" for further information on WebAccess.
OPSEC Integration
The product is integrated with UserAuthority through the OPSEC UserAuthority API (UAA). It responds with a username to UserAuthority queries by connection that were sent from the UAS on the VPN-1/FireWall-1 gateway.