https://community.checkpoint.com/t5/SASE-and-Remote-Access/Microsoft-CA-integration-for-Remote-access-vpn-users/m-p/189481#M4633 <P>Good afternoon.<BR />Installed Checkpoint 5400 81.10 with Ipsec VPN blades, mobile access, identity awareness.</P><P>The identity collector is deployed and connected to Microsoft AD.</P><P>In addition, a Microsoft CA is deployed and its certificate is added to the Trusted CA object.</P><P>I can't find step-by-step instructions on how to configure it so that users of remote vpn access can either generate a certificate through the Microsoft CA portal and select it when connecting, or the gateway itself requests a certificate for the user and installs it for connection.</P><P>&nbsp;</P> Mon, 14 Aug 2023 18:14:37 GMT MiniNinja 2023-08-14T18:14:37Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Microsoft-CA-integration-for-Remote-access-vpn-users/m-p/189481#M4633 <P>Good afternoon.<BR />Installed Checkpoint 5400 81.10 with Ipsec VPN blades, mobile access, identity awareness.</P><P>The identity collector is deployed and connected to Microsoft AD.</P><P>In addition, a Microsoft CA is deployed and its certificate is added to the Trusted CA object.</P><P>I can't find step-by-step instructions on how to configure it so that users of remote vpn access can either generate a certificate through the Microsoft CA portal and select it when connecting, or the gateway itself requests a certificate for the user and installs it for connection.</P><P>&nbsp;</P> Mon, 14 Aug 2023 18:14:37 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Microsoft-CA-integration-for-Remote-access-vpn-users/m-p/189481#M4633 MiniNinja 2023-08-14T18:14:37Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Microsoft-CA-integration-for-Remote-access-vpn-users/m-p/191002#M4634 <P>Can't give you the exact steps, but here they are at a high level:</P> <P>1. Import the relevant CA key into a new Trusted CA object similar to:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk149253" target="_blank">https://support.checkpoint.com/results/sk/sk149253</A><BR />2. Configure LDAP for Remote Access with an AD server:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk31841" target="_blank">https://support.checkpoint.com/results/sk/sk31841</A>&nbsp;</P> <P>You can specify Certificate as the authentication method in the relevant user template.<BR />As long as the certificate has the same CN as what's in LDAP, you should be good to go.</P> Wed, 30 Aug 2023 00:20:23 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Microsoft-CA-integration-for-Remote-access-vpn-users/m-p/191002#M4634 PhoneBoy 2023-08-30T00:20:23Z