Employee

Endpoint Security VPN client : enforce both RSA authentication and certificate check

Hi,

I'm looking for a possibility to get the following working:

- RSA authentication to identify the user and check if user is authorized or not to connect remotely

- additionally a certificate should be checked to verify if this is effectively a managed workstation of our company.

Machine authentication seems to be an option, only after installing a custom patch. Could we enforce the certificate check using another method?

Tried looking for some doc on these features but came up empty.

Anyone who can point us in the right direction?

In the post on the E80.89 release I noticed a screenshot stating 'certificate check passed, additional authentication required' with a username/pwd field displayed => exactly what we want (if additional authentication can be done by RSA then).

3 Replies
Admin

Re: Endpoint Security VPN client : enforce both RSA authentication and certificate check

The client (from E80.71 and above) supports this option.

It requires a specific gateway hotfix to activate.

See: Machine Certificate Installation on Security Gateway for Authentication to VPN Clients 

You're encouraged to reach out to your local Check Point office.

0 Kudos
Employee

Re: Endpoint Security VPN client : enforce both RSA authentication and certificate check

Thanks Dameon! 

No way to enforce this without the custom HF? 

For instance by using another certificate or check? Our company is part of a group and all soft has to be group validated first :( Will set us back a couple of months... We used to rely on SCV checks but:

- rather basic security (processes can be spoofed, so can reg keys, ...)

- they don't seem to be enforced properly on the W10 wks we are planning to roll out :(

0 Kudos
Admin

Re: Endpoint Security VPN client : enforce both RSA authentication and certificate check

Authenticating with a machine certificate requires the custom hotfix, sorry.

Instead of using SCV, which is actually a legacy feature, you should try the Endpoint Compliance feature.

It offers similar checks to SCV and should work on Windows 10.

0 Kudos