This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kenny_De_Man
Participant
‎2019-01-30 06:12 AM

Endpoint Security VPN client : enforce both RSA authentication and certificate check

Hi,

I'm looking for a possibility to get the following working:

- RSA authentication to identify the user and check if user is authorized or not to connect remotely

- additionally a certificate should be checked to verify if this is effectively a managed workstation of our company.

Machine authentication seems to be an option, only after installing a custom patch. Could we enforce the certificate check using an other method?

Tried looking for some doc on these features but came up empty.

Any one who can point us in the right direction?

In the post on E80.89 release I noticed a screenshot stating 'certificate check passed, additional authentication required with a username/pwd field displayed => exactly what we want (if additional authentication can be done by RSA then)

3 Replies
PhoneBoy
Admin
Admin
‎2019-01-30 07:19 PM

The client (from E80.71 above) supports this option.

It requires a specific gateway hotfix to activate.

See: Machine Certificate Installation on Security Gateway for Authentication to VPN Clients 

You're encouraged to reach out to your local Check Point office.

0 Kudos
Kenny_De_Man
Participant
‎2019-01-30 10:06 PM
In response to PhoneBoy

Thanks Dameon! 

No way to enforce this without the custom HF? 

For instance by using an other certificate or check? Our company is part of a group and all soft has to be group validated first Smiley Sad Will set us back a couple of months... We used to rely on SCV checks but: 

-rather basic security (processes can be spoofed, so can reg keys,...) 

- they don’t seem to be enforced properly on the W10 wks we are planning to roll out Smiley Sad 

0 Kudos
PhoneBoy
Admin
Admin
‎2019-01-30 10:47 PM
In response to Kenny_De_Man

Authenticating with a machine certificate requires the custom hotfix, sorry.

Instead of using SCV, which is actually a legacy feature, you should try the Endpoint Compliance feature.

It offers similar checks to SCV and should work on Windows 10.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events