This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Shahar_Grober
Advisor
‎2018-11-01 04:50 AM

Keep VPN connected when switching windows users

Hi,

Before I ask TAC, I would like to use the wisdom of the crowd.

Is there a way to keep Endpoint Security Client connected while switching between windows users (windows 10)? 

Let me explain my need:

Let's say I have a user connected from a laptop to the VPN and now I want to create a new user on the laptop, in order to get a roaming user profile, the user has to be connected to the Domain and to the network and this can be done only via VPN. If I can log-in with one user, connect to the VPN and then switch to the new user while the VPN is connected I will be able to get the roaming user profile directly after login.

Is there a way to support this scenario using Endpoint Security?

0 Kudos
Reply
8 Replies
PhoneBoy
Admin
Admin
‎2018-11-02 09:01 AM

As far as I know, you should be able to do this.

In fact, we have a note about this here saying that any user logged into the same system will also have access: Check Point Remote Access Solutions 

Earlier versions of the client definitely didn't support this, though: Multiple logged in users (Fast User Switching) is not supported 

0 Kudos
Reply
Patrick_Gahan
Participant
‎2019-02-21 01:55 AM

A customer recently reported this behaviour to me as a perceived 'problem' but from what Dameon says and the note in sk67820 it does appear to be "by design".  The behaviour reported to me was that "switch user" (on Windows 10) appeared to drop the remote access VPN tunnel whereas if the logged in user (user1) locked the screen and another user (user2) logged in as "Other User" then the tunnel from user1 would still be up & working....

This particular customer wanted to prevent this scenario, so i believe the solution in this case would be a Windows control to prevent both switching and "other user" login capability?

interested to know if anyone else has encountered this ...

0 Kudos
Reply
Shahar_Grober
Advisor
‎2019-02-21 06:03 AM
In response to Patrick_Gahan

To prevent this you can set the "Disconnect when device is idle" in global properties

But, Does the second user able to login via the first user VPN? 

0 Kudos
Reply
Patrick_Gahan
Participant
‎2019-02-21 06:08 AM
In response to Shahar_Grober

Thanks Shahar, will give that a go 

yes, once the user2 logs into Windows, then they can access all corporate resources as if they were user1...

0 Kudos
Reply
Shahar_Grober
Advisor
‎2019-02-21 09:41 AM
In response to Patrick_Gahan

This is really interesting!!

I will give it a try although it sounds like a bug

Do you know which authentication method is used in this case? 

0 Kudos
Reply
Patrick_Gahan
Participant
‎2019-02-21 09:54 AM
In response to Shahar_Grober

Yes in this case we configure User Certificate authentication CAPI with Cert verification against backend AD Certificate Authority and User checking against AD Group Membership.

 

In this example user2 does not belong to the “remote VPN allowed” AD group but user1 does !

 

 

---

Regards,

Patrick

www.camwey.com

0 Kudos
Reply
Shahar_Grober
Advisor
‎2019-02-21 09:59 AM
In response to Patrick_Gahan

So the second user "piggy backs" on the first user tunnel. 

Which Endpoint version are you using 

Cool, I will try that.

Thanks

Patrick

0 Kudos
Reply
Patrick_Gahan
Participant
‎2019-02-21 10:05 AM
In response to Shahar_Grober

Correct Smiley Happy

E80.90 (full agent) connecting to R80.10 gateway

 

 

---

Regards,

Patrick

 

www.camwey.com

0 Kudos
Reply