Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Shahar_Grober
Advisor

Keep VPN connected when switching windows users

Hi,

Before I ask TAC, I would like to use the wisdom of the crowd.

Is there a way to keep Endpoint Security Client connected while switching between windows users (windows 10)? 

Let me explain my need:

Let's say I have a user connected from a laptop to the VPN and now I want to create a new user on the laptop, in order to get a roaming user profile, the user has to be connected to the Domain and to the network and this can be done only via VPN. If I can log-in with one user, connect to the VPN and then switch to the new user while the VPN is connected I will be able to get the roaming user profile directly after login.

Is there a way to support this scenario using Endpoint Security?

11 Replies
PhoneBoy
Admin
Admin

As far as I know, you should be able to do this.

In fact, we have a note about this here saying that any user logged into the same system will also have access: Check Point Remote Access Solutions 

Earlier versions of the client definitely didn't support this, though: Multiple logged in users (Fast User Switching) is not supported 

Patrick_Gahan
Participant

A customer recently reported this behaviour to me as a perceived 'problem' but from what Dameon says and the note in sk67820 it does appear to be "by design".  The behaviour reported to me was that "switch user" (on Windows 10) appeared to drop the remote access VPN tunnel whereas if the logged in user (user1) locked the screen and another user (user2) logged in as "Other User" then the tunnel from user1 would still be up & working....

This particular customer wanted to prevent this scenario, so i believe the solution in this case would be a Windows control to prevent both switching and "other user" login capability?

interested to know if anyone else has encountered this ...

Shahar_Grober
Advisor

To prevent this you can set the "Disconnect when device is idle" in global properties

But, Does the second user able to login via the first user VPN? 

Patrick_Gahan
Participant

Thanks Shahar, will give that a go 

yes, once the user2 logs into Windows, then they can access all corporate resources as if they were user1...

Shahar_Grober
Advisor

This is really interesting!!

I will give it a try although it sounds like a bug

Do you know which authentication method is used in this case? 

Patrick_Gahan
Participant

Yes in this case we configure User Certificate authentication CAPI with Cert verification against backend AD Certificate Authority and User checking against AD Group Membership.

 

In this example user2 does not belong to the “remote VPN allowed” AD group but user1 does !

 

 

---

Regards,

Patrick

www.camwey.com

Shahar_Grober
Advisor

So the second user "piggy backs" on the first user tunnel. 

Which Endpoint version are you using 

Cool, I will try that.

Thanks

Patrick

Patrick_Gahan
Participant

Correct Smiley Happy

E80.90 (full agent) connecting to R80.10 gateway

 

 

---

Regards,

Patrick

 

www.camwey.com

flachance
Advisor

Hi, Did you ever find a solution to keep VPN connected when switching windows users? I'm facing the same challenge.

thanks

Chris_Atkinson
Employee Employee
Employee

Which client version and authentication method is used?

For reference E84.30 (old) fixed an issue where the VPN disconnects when the Windows desktop locks.

CCSM R77/R80/ELITE
flachance
Advisor

E87.20. Authenticating with Certificate - P12

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events