https://community.checkpoint.com/t5/General-Topics/Clarification-Authentication-for-Remote-Access-VPN/m-p/276292#M46111 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;thank you, can i ask What is the difference between?&nbsp;If I change from DN to UPN, for example, do both need to be set to UPN?</P> <UL data-start="537" data-end="662"> <LI data-section-id="qqeyon" data-start="537" data-end="613"><STRONG data-start="539" data-end="611">VPN Clients &gt; Personal Certificate (Edit) &gt; Fetch username from: x</STRONG></LI> <LI data-section-id="1d408xm" data-start="614" data-end="662"><STRONG data-start="616" data-end="660">User Directories &gt; LDAP Lookup Type: x<BR /></STRONG></LI> </UL> <P>Thanks</P> <P>&nbsp;</P> Thu, 30 Apr 2026 06:15:37 GMT RemoteUser 2026-04-30T06:15:37Z https://community.checkpoint.com/t5/General-Topics/Clarification-Authentication-for-Remote-Access-VPN/m-p/276078#M46086 <P data-end="68" data-start="57">Hi mates,</P> <P data-end="99" data-start="70">Hope you’re all doing well!</P> <P data-end="255" data-start="101">I have a doubt that came up while testing a task requested by the customer: making the gateway perform authentication lookup based on UPN instead of DN.</P> <P data-end="456" data-start="257">I ran some tests by creating a user with a CAPI certificate and then moving the user between different OUs. The authentication still works correctly, which is exactly the behavior I was aiming for.</P> <P data-end="536" data-start="458">This was configured on the <STRONG data-end="514" data-start="485">VPN Client Authentication</STRONG> side, specifically:</P> <UL data-end="662" data-start="537"> <LI data-end="613" data-start="537" data-section-id="qqeyon"><STRONG data-end="611" data-start="539">VPN Clients &gt; Personal Certificate (Edit) &gt; Fetch username from: UPN</STRONG></LI> <LI data-end="662" data-start="614" data-section-id="1d408xm"><STRONG data-end="660" data-start="616">User Directories &gt; LDAP Lookup Type: UPN</STRONG></LI> </UL> <P data-end="716" data-start="664">I’ve also attached some screenshots for reference.</P> <P data-end="900" data-start="718">My question is: since users connect via Remote Access Client, do I also need to configure the authentication method under <STRONG data-end="857" data-start="840">Mobile Access</STRONG>, or is it not relevant in this scenario?</P> <P data-end="1018" data-start="902">If anyone could clarify the differences between these two authentication methods, it would be greatly appreciated.</P> Sun, 26 Apr 2026 07:11:14 GMT https://community.checkpoint.com/t5/General-Topics/Clarification-Authentication-for-Remote-Access-VPN/m-p/276078#M46086 RemoteUser 2026-04-26T07:11:14Z https://community.checkpoint.com/t5/General-Topics/Clarification-Authentication-for-Remote-Access-VPN/m-p/276270#M46109 <P>The settings in question are only relevant to how the gateway looks up the user information sent by the client.&nbsp;</P> <P>DN refers to a precise object in the LDAP directory.<BR />UPN is the login name of the user.</P> <P>Unless you use the Mobile Access portal, you shouldn't need to configure anything there.</P> Wed, 29 Apr 2026 20:40:51 GMT https://community.checkpoint.com/t5/General-Topics/Clarification-Authentication-for-Remote-Access-VPN/m-p/276270#M46109 PhoneBoy 2026-04-29T20:40:51Z https://community.checkpoint.com/t5/General-Topics/Clarification-Authentication-for-Remote-Access-VPN/m-p/276292#M46111 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;thank you, can i ask What is the difference between?&nbsp;If I change from DN to UPN, for example, do both need to be set to UPN?</P> <UL data-start="537" data-end="662"> <LI data-section-id="qqeyon" data-start="537" data-end="613"><STRONG data-start="539" data-end="611">VPN Clients &gt; Personal Certificate (Edit) &gt; Fetch username from: x</STRONG></LI> <LI data-section-id="1d408xm" data-start="614" data-end="662"><STRONG data-start="616" data-end="660">User Directories &gt; LDAP Lookup Type: x<BR /></STRONG></LI> </UL> <P>Thanks</P> <P>&nbsp;</P> Thu, 30 Apr 2026 06:15:37 GMT https://community.checkpoint.com/t5/General-Topics/Clarification-Authentication-for-Remote-Access-VPN/m-p/276292#M46111 RemoteUser 2026-04-30T06:15:37Z https://community.checkpoint.com/t5/General-Topics/Clarification-Authentication-for-Remote-Access-VPN/m-p/276332#M46113 <P>I would set them both to use this value, yes.<BR />Not exactly sure where "User Directory" is still used (it's a legacy feature).</P> Thu, 30 Apr 2026 15:13:48 GMT https://community.checkpoint.com/t5/General-Topics/Clarification-Authentication-for-Remote-Access-VPN/m-p/276332#M46113 PhoneBoy 2026-04-30T15:13:48Z