Re: Keep VPN connected when switching windows user...

Shahar_Grober · ‎2018-11-01

Hi,

Before I ask TAC, I would like to use the wisdom of the crowd.

Is there a way to keep Endpoint Security Client connected while switching between windows users (windows 10)?

Let me explain my need:

Let's say I have a user connected from a laptop to the VPN and now I want to create a new user on the laptop, in order to get a roaming user profile, the user has to be connected to the Domain and to the network and this can be done only via VPN. If I can log-in with one user, connect to the VPN and then switch to the new user while the VPN is connected I will be able to get the roaming user profile directly after login.

Is there a way to support this scenario using Endpoint Security?

PhoneBoy · ‎2018-11-02

As far as I know, you should be able to do this.

In fact, we have a note about this here saying that any user logged into the same system will also have access: Check Point Remote Access Solutions

Earlier versions of the client definitely didn't support this, though: Multiple logged in users (Fast User Switching) is not supported

Patrick_Gahan · ‎2019-02-21

A customer recently reported this behaviour to me as a perceived 'problem' but from what Dameon says and the note in sk67820 it does appear to be "by design". The behaviour reported to me was that "switch user" (on Windows 10) appeared to drop the remote access VPN tunnel whereas if the logged in user (user1) locked the screen and another user (user2) logged in as "Other User" then the tunnel from user1 would still be up & working....

This particular customer wanted to prevent this scenario, so i believe the solution in this case would be a Windows control to prevent both switching and "other user" login capability?

interested to know if anyone else has encountered this ...

Shahar_Grober · ‎2019-02-21

To prevent this you can set the "Disconnect when device is idle" in global properties

But, Does the second user able to login via the first user VPN?

Patrick_Gahan · ‎2019-02-21

Thanks Shahar, will give that a go

yes, once the user2 logs into Windows, then they can access all corporate resources as if they were user1...

Shahar_Grober · ‎2019-02-21

This is really interesting!!

I will give it a try although it sounds like a bug

Do you know which authentication method is used in this case?

Patrick_Gahan · ‎2019-02-21

Yes in this case we configure User Certificate authentication CAPI with Cert verification against backend AD Certificate Authority and User checking against AD Group Membership.

In this example user2 does not belong to the “remote VPN allowed” AD group but user1 does !

---

Regards,

Patrick

www.camwey.com

Shahar_Grober · ‎2019-02-21

So the second user "piggy backs" on the first user tunnel.

Which Endpoint version are you using

Cool, I will try that.

Thanks

Patrick

Patrick_Gahan · ‎2019-02-21

Correct

E80.90 (full agent) connecting to R80.10 gateway

---

Regards,

Patrick

www.camwey.com

flachance · ‎2023-12-11

Hi, Did you ever find a solution to keep VPN connected when switching windows users? I'm facing the same challenge.

thanks

Chris_Atkinson · ‎2023-12-11

Which client version and authentication method is used?

For reference E84.30 (old) fixed an issue where the VPN disconnects when the Windows desktop locks.

CCSM R77/R80/ELITE

flachance · ‎2023-12-12

E87.20. Authenticating with Certificate - P12

Are you a member of CheckMates?

Keep VPN connected when switching windows users