https://community.checkpoint.com/t5/SASE-and-Remote-Access/SmartCard-Authentication-for-VPN-users/m-p/131756#M7852 <P>Hi,</P><P>We currently have our VPN users authenticating with domain (user/password) credentials.</P><P>We want to change the VPN authentication to the SmartCard which each user has connected to his laptop and which is normally used to login to the laptop.</P><P>&nbsp;</P><P>Has anyone configured VPN users with SmartCard authentication?</P><P>I was not able to find anything about this in Checkpoint site.&nbsp;&nbsp;</P><P>Thanks</P><P>micha</P> Thu, 14 Oct 2021 10:09:00 GMT mkushner 2021-10-14T10:09:00Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SmartCard-Authentication-for-VPN-users/m-p/131756#M7852 <P>Hi,</P><P>We currently have our VPN users authenticating with domain (user/password) credentials.</P><P>We want to change the VPN authentication to the SmartCard which each user has connected to his laptop and which is normally used to login to the laptop.</P><P>&nbsp;</P><P>Has anyone configured VPN users with SmartCard authentication?</P><P>I was not able to find anything about this in Checkpoint site.&nbsp;&nbsp;</P><P>Thanks</P><P>micha</P> Thu, 14 Oct 2021 10:09:00 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SmartCard-Authentication-for-VPN-users/m-p/131756#M7852 mkushner 2021-10-14T10:09:00Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SmartCard-Authentication-for-VPN-users/m-p/131759#M7853 <P>See&nbsp;<SPAN style="font-family: inherit; background-color: #ffffff;">Remote Access VPN R81 Administration Guide p.44fff !</SPAN></P> Thu, 14 Oct 2021 10:55:13 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SmartCard-Authentication-for-VPN-users/m-p/131759#M7853 G_W_Albrecht 2021-10-14T10:55:13Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SmartCard-Authentication-for-VPN-users/m-p/131767#M7854 <P>Thanks, but I only see SmartCard mentioned regarding L2TP (which is not what we want) and it doesn't appear to really be with a SmartCard, rather with a regular certificate.</P><P>We want SmartCard authentication with Checkpoint VPN client, and that is not described there.</P> Thu, 14 Oct 2021 12:19:16 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SmartCard-Authentication-for-VPN-users/m-p/131767#M7854 mkushner 2021-10-14T12:19:16Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SmartCard-Authentication-for-VPN-users/m-p/133213#M7855 <P>It was more complicated than I thought.&nbsp; It took Checkpoint dealer two days to get it working and was not something that we could have done ourselves.</P><P>Some tips:</P><P>1. You need to activate Identity Awareness.&nbsp; Don't need to run wizard, but will need to mark off VPN in IA configuration tab of firewall.</P><P>2. Changes needed to be done via DBEdit.</P><P>3. We are using UPN from the SmartCard and via Activedirectory.</P><P>4. Make sure that the connection to AD servers is working well.&nbsp; We had problems of dedicated user locking in AD.&nbsp; The solution was a CLI command to force use of NTLMv2.</P><P>5. We also configured the firewall to distribute addresses from DHCP servers.</P> Thu, 04 Nov 2021 08:44:48 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SmartCard-Authentication-for-VPN-users/m-p/133213#M7855 mkushner 2021-11-04T08:44:48Z