https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-Client-Authentication/m-p/160831#M6069 <P>Machine certificate authentication was added in R80.40.<BR />Which means, for Maestro, you'll need to upgrade to R81 or above.</P> <P>You can create another authentication scheme for users to use.<BR />See:&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_RemoteAccessVPN_AdminGuide/Topics-VPNRG/User-and-Client-Authentication.htm?Highlight=authentication#Multiple_Login_Options_for_R80.xx_Gateways" target="_blank">https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_RemoteAccessVPN_AdminGuide/Topics-VPNRG/User-and-Client-Authentication.htm?Highlight=authentication#Multiple_Login_Options_for_R80.xx_Gateways</A></P> Mon, 31 Oct 2022 14:02:07 GMT PhoneBoy 2022-10-31T14:02:07Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-Client-Authentication/m-p/160814#M6068 <P><SPAN>Hi,</SPAN><BR /><SPAN>&nbsp;</SPAN><BR /><SPAN>We are running our VPN clients gateways on R80.30SP &nbsp;and are being used &nbsp;for remote access ( User VPN &nbsp;) authentication via User certificates at the moment.</SPAN><BR /><SPAN>We are exploring to enable the machine certificate authentication for remote access VPN as well. Can you help us on below &nbsp;please.</SPAN><BR /><SPAN>&nbsp;</SPAN><BR /><SPAN>Also we are running/installed &nbsp;&nbsp;Endpoint clients Version E81.40 Build 986101004 &nbsp;</SPAN><SPAN>on the client machines.</SPAN><BR /><SPAN>&nbsp;</SPAN><BR /><SPAN>1 ) Can we enable machine certificate authentication for remote access VPN on R80.30 SP version which we are running at the moment. If not what's the compatible version&nbsp; to enable this feature.</SPAN><BR /><SPAN>&nbsp;</SPAN><BR /><SPAN>2) If enabled can machine authentication method be enabled individually as a separate parameter to User certificate method &nbsp;or this would be enabled in Global properties impacting &nbsp;our existing user certificate remote VPN&nbsp; authentication method.</SPAN></P> Mon, 31 Oct 2022 11:45:25 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-Client-Authentication/m-p/160814#M6068 ESpataro 2022-10-31T11:45:25Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-Client-Authentication/m-p/160831#M6069 <P>Machine certificate authentication was added in R80.40.<BR />Which means, for Maestro, you'll need to upgrade to R81 or above.</P> <P>You can create another authentication scheme for users to use.<BR />See:&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_RemoteAccessVPN_AdminGuide/Topics-VPNRG/User-and-Client-Authentication.htm?Highlight=authentication#Multiple_Login_Options_for_R80.xx_Gateways" target="_blank">https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_RemoteAccessVPN_AdminGuide/Topics-VPNRG/User-and-Client-Authentication.htm?Highlight=authentication#Multiple_Login_Options_for_R80.xx_Gateways</A></P> Mon, 31 Oct 2022 14:02:07 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-Client-Authentication/m-p/160831#M6069 PhoneBoy 2022-10-31T14:02:07Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-Client-Authentication/m-p/160882#M6070 <P>Machine certificates are a per gateway enablement, so it would apply to all users. You can enable it in an 'if available' mode rather than making it a requirement. It's configured as an additional step to the existing authentication, so the existing user auth settings would still apply. As Phoneboy says, you'll need to upgrade the gateway version. You should also look at upgrading the VPN client version, as that one is quite old now.&nbsp;</P> Tue, 01 Nov 2022 01:19:42 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-Client-Authentication/m-p/160882#M6070 emmap 2022-11-01T01:19:42Z