Create a Post
Showing results for 
Search instead for 
Did you mean: 

Endpoint Security VPN client : enforce both RSA authentication and certificate check


I'm looking for a possibility to get the following working:

- RSA authentication to identify the user and check if user is authorized or not to connect remotely

- additionally a certificate should be checked to verify if this is effectively a managed workstation of our company.

Machine authentication seems to be an option, only after installing a custom patch. Could we enforce the certificate check using an other method?

Tried looking for some doc on these features but came up empty.

Any one who can point us in the right direction?

In the post on E80.89 release I noticed a screenshot stating 'certificate check passed, additional authentication required with a username/pwd field displayed => exactly what we want (if additional authentication can be done by RSA then)

3 Replies

The client (from E80.71 above) supports this option.

It requires a specific gateway hotfix to activate.

See: Machine Certificate Installation on Security Gateway for Authentication to VPN Clients 

You're encouraged to reach out to your local Check Point office.

0 Kudos

Thanks Dameon! 

No way to enforce this without the custom HF? 

For instance by using an other certificate or check? Our company is part of a group and all soft has to be group validated first Smiley Sad Will set us back a couple of months... We used to rely on SCV checks but: 

-rather basic security (processes can be spoofed, so can reg keys,...) 

- they don’t seem to be enforced properly on the W10 wks we are planning to roll out Smiley Sad 

0 Kudos

Authenticating with a machine certificate requires the custom hotfix, sorry.

Instead of using SCV, which is actually a legacy feature, you should try the Endpoint Compliance feature.

It offers similar checks to SCV and should work on Windows 10.

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events