https://community.checkpoint.com/t5/Endpoint/Endpoint-Security-VPN-client-enforce-both-RSA-authentication-and/m-p/28764#M669 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>I'm looking for a possibility to get the following working:</P><P>- RSA authentication to identify the user and check if user is authorized or not to connect remotely</P><P>- additionally a certificate should be checked to verify if this is effectively a managed workstation of our company.</P><P></P><P>Machine authentication seems to be an option, only after installing a custom patch. Could we enforce the certificate check using an other method?</P><P>Tried looking for some doc on these features but came up empty.</P><P>Any one who can point us in the right direction?</P><P></P><P>In the post on E80.89 release I noticed a screenshot stating 'certificate check passed, additional authentication required with a username/pwd field displayed =&gt; exactly what we want (if additional authentication can be done by RSA then)</P></BODY></HTML> Wed, 30 Jan 2019 14:12:05 GMT Kenny_De_Man 2019-01-30T14:12:05Z https://community.checkpoint.com/t5/Endpoint/Endpoint-Security-VPN-client-enforce-both-RSA-authentication-and/m-p/28764#M669 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>I'm looking for a possibility to get the following working:</P><P>- RSA authentication to identify the user and check if user is authorized or not to connect remotely</P><P>- additionally a certificate should be checked to verify if this is effectively a managed workstation of our company.</P><P></P><P>Machine authentication seems to be an option, only after installing a custom patch. Could we enforce the certificate check using an other method?</P><P>Tried looking for some doc on these features but came up empty.</P><P>Any one who can point us in the right direction?</P><P></P><P>In the post on E80.89 release I noticed a screenshot stating 'certificate check passed, additional authentication required with a username/pwd field displayed =&gt; exactly what we want (if additional authentication can be done by RSA then)</P></BODY></HTML> Wed, 30 Jan 2019 14:12:05 GMT https://community.checkpoint.com/t5/Endpoint/Endpoint-Security-VPN-client-enforce-both-RSA-authentication-and/m-p/28764#M669 Kenny_De_Man 2019-01-30T14:12:05Z https://community.checkpoint.com/t5/Endpoint/Endpoint-Security-VPN-client-enforce-both-RSA-authentication-and/m-p/28765#M670 <HTML><HEAD></HEAD><BODY><P>The client (from E80.71 above) supports this option.</P><P>It requires a specific gateway hotfix to activate.</P><P>See:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk121173" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk121173">Machine Certificate Installation on Security Gateway for Authentication to VPN Clients</A>&nbsp;</P><P>You're encouraged to reach out to your local Check Point office.</P></BODY></HTML> Thu, 31 Jan 2019 03:19:14 GMT https://community.checkpoint.com/t5/Endpoint/Endpoint-Security-VPN-client-enforce-both-RSA-authentication-and/m-p/28765#M670 PhoneBoy 2019-01-31T03:19:14Z https://community.checkpoint.com/t5/Endpoint/Endpoint-Security-VPN-client-enforce-both-RSA-authentication-and/m-p/28766#M671 <HTML><HEAD></HEAD><BODY><P>Thanks Dameon!&nbsp;</P><P>No way to enforce this without the custom HF?&nbsp;</P><P>For instance by using an other certificate or check? Our company is part of a group and all soft has to be group validated first <img id="smileysad" class="emoticon emoticon-smileysad" src="https://community.checkpoint.com/i/smilies/16x16_smiley-sad.png" alt="Smiley Sad" title="Smiley Sad" />&nbsp;Will set us back a couple of months... We used to rely on SCV checks but:&nbsp;</P><P>-rather basic security (processes can be spoofed, so can reg keys,...)&nbsp;</P><P>- they don’t seem to be enforced properly on the W10 wks we are planning to roll out <img id="smileysad" class="emoticon emoticon-smileysad" src="https://community.checkpoint.com/i/smilies/16x16_smiley-sad.png" alt="Smiley Sad" title="Smiley Sad" />&nbsp;</P></BODY></HTML> Thu, 31 Jan 2019 06:06:31 GMT https://community.checkpoint.com/t5/Endpoint/Endpoint-Security-VPN-client-enforce-both-RSA-authentication-and/m-p/28766#M671 Kenny_De_Man 2019-01-31T06:06:31Z https://community.checkpoint.com/t5/Endpoint/Endpoint-Security-VPN-client-enforce-both-RSA-authentication-and/m-p/28767#M672 <HTML><HEAD></HEAD><BODY><P>Authenticating with a machine certificate requires the custom hotfix, sorry.</P><P>Instead of using SCV, which is actually a legacy feature, you should try the Endpoint Compliance feature.</P><P>It offers similar checks to SCV and should work on Windows 10.</P></BODY></HTML> Thu, 31 Jan 2019 06:47:24 GMT https://community.checkpoint.com/t5/Endpoint/Endpoint-Security-VPN-client-enforce-both-RSA-authentication-and/m-p/28767#M672 PhoneBoy 2019-01-31T06:47:24Z