Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
SWBW_Florian
Contributor

Harmony Endpoint Client VPN auto connect [MGMT]

Hi there!

Were using the harmony endpoint agent with a management server to conigure and update the clients. Were also using the Endpoint Connect feature to let users access to our VPN network through the harmony endpoint agent on their notebooks.

Now were impementing a couple of (two, mabe three) new computers outside of our network (new departments of our company).
Those computers are fixed installed desktop PCs, so we want them to be allways connected to our VPN so they can be configures and also remote accessed.

Therefor i tried to configure them as "allways connected" to our VPN. but i cant do that. The Option inside the Client itself is greyed out. I cant find the right setting, Neither at the webinterface of our management, nor inside of the Checkpoint SmartEndpoint Software.

I Also tried to use the trac.exe with following command at the mentioned client:

trac.exe userpass -a VPN.Site -u testuser -p testpass

But this will only be answered with "Feature is disabled"

 

Can you point me to where i can activate this? i alreadycreated a new deployment rule and virtual group just for those "external VPN Desktops"

 

Thanks in Advance (:

 

Florian

regards
0 Kudos
3 Replies
PhoneBoy
Admin
Admin

This is configured in SmartConsole in Global Properties.
By default, unless it's been changed, Connect Mode should be "Configured on Endpoint Client."
If you change this and install policy, your clients will need to delete/re-add the site for the change to take effect.

image.png

SWBW_Florian
Contributor

hy PhoneBoy and thanks for that!

i configured "Configured on endpoint" and password caching. I then reinstalled the VPN-Site on a client. I am then able to activate "Autoconnect" on the Client, but nothing about the password caching. After a systemreboot the VPN Client is again asking for the password, so the caching is not working/activated. even if the Connect-windows is opened automatically (but with an empty password field)

is there any checkbox i am missing?

thanks

 

i guess its just not possible:

https://support.checkpoint.com/results/sk/sk44073

i found a way through trac.exe (connect -s ...) over CLI. i can script the connection to the VPN like this and make a task out of it. Unfortunately its not encrypted

regards
0 Kudos
PhoneBoy
Admin
Admin

We do not cache passwords across reboots.
For your use case, I recommend using Machine Certificates for authentication.
See: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RemoteAccessVPN_AdminGuide/C... 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events