https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-Access-VPN-with-MacOS-certificate-authentication-don-t/m-p/184057#M9526 <P>also see the recently released <SPAN><SPAN class="">sk181067</SPAN></SPAN></P> Thu, 15 Jun 2023 09:48:10 GMT LazarusG 2023-06-15T09:48:10Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-Access-VPN-with-MacOS-certificate-authentication-don-t/m-p/104252#M9524 <P>Hi,</P><P>We have a project to add a 2FA in our Remote Access VPN. Currently we have set to authenticate with username &amp; passwords, and we want to add user certificate (issued by internal CA running on Microsoft, integrated with AD).</P><P>This is working fine for Microsoft computers with Check Point Endpoint Security VPN client (standalone). We just have a failure after a while (traffic blocked after a random amount of time, with logs like 'can't find user' or 'failed login'). This one is object of an ongoing TAC case. But still, for these, the authentication with certificate is working fine, and the VPN tunnel establishes.</P><P>Now we have a lot of users that have MacBooks, also running the CP Endpoint VPN client. The user certificate has been imported in the Key Chains. When we try to authenticate on the VPN client with the certificate, it doesn't work.</P><P>An example of log extract, showing failure of MacOS, and success of Windows (same user, same certificate) :</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="100_LOGS_SHOWING_DIFFERENCE_WIN_VS_MACOS.PNG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/9492i069B49BF1AFC27BA/image-size/large?v=v2&amp;px=999" role="button" title="100_LOGS_SHOWING_DIFFERENCE_WIN_VS_MACOS.PNG" alt="100_LOGS_SHOWING_DIFFERENCE_WIN_VS_MACOS.PNG" /></span></P><P>&nbsp;</P><P>The detail of the failure log, showing the user is not in the right format, expected here something like it is for Windows clients :</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="101_Login_Auth_MAB_NOK_MACOS.PNG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/9491iEDF71D7EECA4E0FE/image-size/large?v=v2&amp;px=999" role="button" title="101_Login_Auth_MAB_NOK_MACOS.PNG" alt="101_Login_Auth_MAB_NOK_MACOS.PNG" /></span></P><P>&nbsp;</P><P>Here is how the authentication is configured for certificate usage (again, working fine on Windows) :</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="102_GatewayProps_Authentication_2.PNG" style="width: 726px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/9493iB4D12E92EB190F00/image-size/large?v=v2&amp;px=999" role="button" title="102_GatewayProps_Authentication_2.PNG" alt="102_GatewayProps_Authentication_2.PNG" /></span></P><P>&nbsp;</P><P>Do you know if I have to create another Login Option especially for MacOS ? If so, what settings should I use ? I already tried various combination, none of them worked <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P><P>Thanks in advance for your help !</P><P>Regards,</P><P>Antoine</P> Thu, 03 Dec 2020 19:05:22 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-Access-VPN-with-MacOS-certificate-authentication-don-t/m-p/104252#M9524 Ob1lan 2020-12-03T19:05:22Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-Access-VPN-with-MacOS-certificate-authentication-don-t/m-p/104274#M9525 <P>Are you using the latest supported macOS VPN client? I saw E82.50 within your log card details. E84.30 was released within the last 2 weeks that has support for Bug Sur as well as Machine Authentication for the VPN client.</P> <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk170513" target="_blank" rel="noopener">SK170513 - Enterprise Endpoint Security E84.30 macOS Clients - Early Availability</A>&nbsp;</P> Thu, 03 Dec 2020 23:00:09 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-Access-VPN-with-MacOS-certificate-authentication-don-t/m-p/104274#M9525 Matt_Ricketts 2020-12-03T23:00:09Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-Access-VPN-with-MacOS-certificate-authentication-don-t/m-p/184057#M9526 <P>also see the recently released <SPAN><SPAN class="">sk181067</SPAN></SPAN></P> Thu, 15 Jun 2023 09:48:10 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Remote-Access-VPN-with-MacOS-certificate-authentication-don-t/m-p/184057#M9526 LazarusG 2023-06-15T09:48:10Z