https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/9019#M201 <HTML><HEAD></HEAD><BODY><P>Hi guys,</P><P></P><P>Does anyone have experience with using a smartcard to unlock the pre-boot of Sandblast FDE?</P><P>I've enabled the feature in the end-point console, when entering my smartcard it switches the login screen to enter my PIN. However when I enter the PIN it does not unlock.</P><P>The smartcard has a user certificate on it to authenticate on Windows, which is working fine.&nbsp;</P><P>I don't have that much experience with smartcards and CheckPoint so I was wondering if I need a specific certificate (like EFS) or that any of you have any experience using this.</P><P></P><P>I would also think that the driver is correct because it switches to the PIN and when I use another type of smartcard it does not switch, so cannot read the smartcard.</P><P></P><P>Any help would be appreciated!</P></BODY></HTML> Mon, 16 Jul 2018 08:31:05 GMT Tom_Heesmans 2018-07-16T08:31:05Z https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/9019#M201 <HTML><HEAD></HEAD><BODY><P>Hi guys,</P><P></P><P>Does anyone have experience with using a smartcard to unlock the pre-boot of Sandblast FDE?</P><P>I've enabled the feature in the end-point console, when entering my smartcard it switches the login screen to enter my PIN. However when I enter the PIN it does not unlock.</P><P>The smartcard has a user certificate on it to authenticate on Windows, which is working fine.&nbsp;</P><P>I don't have that much experience with smartcards and CheckPoint so I was wondering if I need a specific certificate (like EFS) or that any of you have any experience using this.</P><P></P><P>I would also think that the driver is correct because it switches to the PIN and when I use another type of smartcard it does not switch, so cannot read the smartcard.</P><P></P><P>Any help would be appreciated!</P></BODY></HTML> Mon, 16 Jul 2018 08:31:05 GMT https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/9019#M201 Tom_Heesmans 2018-07-16T08:31:05Z https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/9020#M202 <HTML><HEAD></HEAD><BODY><P>In older versions (ones no longer supported), there was a bug with PINs of a certain length.</P><P>Not sure that's still relevant.</P><P>It's probably a good idea to involve the TAC in this.</P></BODY></HTML> Mon, 16 Jul 2018 14:14:06 GMT https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/9020#M202 PhoneBoy 2018-07-16T14:14:06Z https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/9021#M203 <HTML><HEAD></HEAD><BODY><P>Thanks for the response, this however is not an older version and the pin is only 4 digits in lenght for testing.</P><P>We'll probably need TAC but I have some great experiences with this community and was hoping for the small simple remark that will point is in the right direction. My guess is that this is something simple that we are overlooking.</P></BODY></HTML> Mon, 16 Jul 2018 14:18:36 GMT https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/9021#M203 Tom_Heesmans 2018-07-16T14:18:36Z https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/9022#M204 <HTML><HEAD></HEAD><BODY><P>I'll see if I can get an expert in this area to comment <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P></BODY></HTML> Mon, 16 Jul 2018 15:32:18 GMT https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/9022#M204 PhoneBoy 2018-07-16T15:32:18Z https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/101694#M2746 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/19475">@Tom_Heesmans</a>, I just found your post and I'm wondering how you resolved the issue described.</P> <P>After switching from password to smartcard authentication in the FDE preboot today, I get an "Invalid Logon" message in the client, and a "No Smartcard users configured" in the logs on the management. I did some testing and my scenario matches your description.</P> <P>I know it has been a while, but I'll appreciate it if you can share anything you remember. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 11 Nov 2020 03:46:19 GMT https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/101694#M2746 KatiaCruz 2020-11-11T03:46:19Z https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/101715#M2747 <P>For us this eventually came down to an incompatible driver for the smartcard reader. It should have been compatible according to the documentation but after examination from dev-ops this was not the case. Our smartcard readers where from Thales (formaly Gemalto) and CheckPoint collaborated with them to integrate the correct driver. Everything is working as expected now.</P> Wed, 11 Nov 2020 08:03:56 GMT https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/101715#M2747 Tom_Heesmans 2020-11-11T08:03:56Z https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/101812#M2750 <P>Good to know, <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/19475">@Tom_Heesmans</a>.&nbsp;I will double-check if the smartcard reader driver is the right one in my case. We ended up using a generic one from the list provided during configuration.</P> <P>Thanks for your response!&nbsp;</P> Wed, 11 Nov 2020 17:22:07 GMT https://community.checkpoint.com/t5/Endpoint/Smartcard-FDE-pre-boot-authentication/m-p/101812#M2750 KatiaCruz 2020-11-11T17:22:07Z