topic Remote Access VPN Secure Domain Logon Choice in SASE and Remote Access

Remote Access VPN Secure Domain Logon Choice

mkoessler — Tue, 22 Aug 2023 12:38:52 GMT

Hi everyone,

a customer of ours uses the standalone Remote Access VPN Client with Secure Domain Login configured. When SDL is enabled, the user can only log in to windows with VPN. Is there a way, that the user can choose to connect to VPN or authenticate to Windows locally, as it´s possible with Cisco AnyConnect (picture below)?

Thanks 🙂

Re: Remote Access VPN Secure Domain Logon Choice

_Val_ — Tue, 22 Aug 2023 12:39:35 GMT

Amin note: credits removed

Re: Remote Access VPN Secure Domain Logon Choice

_Val_ — Tue, 22 Aug 2023 12:44:58 GMT

From the documentation (important part highlighted):

Secure Domain Logon ensures that authentication credentials sent to the Domain Controller are sent through an encrypted channel.

If you do not need that, disable SDL.

Re: Remote Access VPN Secure Domain Logon Choice

mkoessler — Tue, 29 Aug 2023 06:15:18 GMT

Hi all,

just wanted to share my solution for this. Our partner manager hinted us to the implicit and explicit SDL configuration.

https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN-for-Win/SDL-in-Windows.htm?tocpath=Configuring%20Client%20Features%7CSecure%20Domain%20Logon%20(SDL)%7C_____4

Through disabling implicit SDL the user now has a button in the Windows login screen where he can choose to connect to VPN or just log in to the client.