This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SWBW_Florian
Contributor
‎2024-08-30 01:37 AM

Harmony Endpoint Client VPN auto connect [MGMT]

Hi there!

Were using the harmony endpoint agent with a management server to conigure and update the clients. Were also using the Endpoint Connect feature to let users access to our VPN network through the harmony endpoint agent on their notebooks.

Now were impementing a couple of (two, mabe three) new computers outside of our network (new departments of our company).
Those computers are fixed installed desktop PCs, so we want them to be allways connected to our VPN so they can be configures and also remote accessed.

Therefor i tried to configure them as "allways connected" to our VPN. but i cant do that. The Option inside the Client itself is greyed out. I cant find the right setting, Neither at the webinterface of our management, nor inside of the Checkpoint SmartEndpoint Software.

I Also tried to use the trac.exe with following command at the mentioned client:

trac.exe userpass -a VPN.Site -u testuser -p testpass

But this will only be answered with "Feature is disabled"

 

Can you point me to where i can activate this? i alreadycreated a new deployment rule and virtual group just for those "external VPN Desktops"

 

Thanks in Advance (:

 

Florian

regards
0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2024-09-03 08:01 AM

This is configured in SmartConsole in Global Properties.
By default, unless it's been changed, Connect Mode should be "Configured on Endpoint Client."
If you change this and install policy, your clients will need to delete/re-add the site for the change to take effect.

image.png

SWBW_Florian
Contributor
‎2024-09-05 12:50 AM
In response to PhoneBoy

hy PhoneBoy and thanks for that!

i configured "Configured on endpoint" and password caching. I then reinstalled the VPN-Site on a client. I am then able to activate "Autoconnect" on the Client, but nothing about the password caching. After a systemreboot the VPN Client is again asking for the password, so the caching is not working/activated. even if the Connect-windows is opened automatically (but with an empty password field)

is there any checkbox i am missing?

thanks

 

i guess its just not possible:

https://support.checkpoint.com/results/sk/sk44073

i found a way through trac.exe (connect -s ...) over CLI. i can script the connection to the VPN like this and make a task out of it. Unfortunately its not encrypted

regards
0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-05 08:00 AM
In response to SWBW_Florian

We do not cache passwords across reboots.
For your use case, I recommend using Machine Certificates for authentication.
See: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RemoteAccessVPN_AdminGuide/C... 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events