Hi guys,
Does anyone have experience with using a smartcard to unlock the pre-boot of Sandblast FDE?
I've enabled the feature in the end-point console. When entering my smartcard, it switches the login screen to enter my PIN. However, when I enter the PIN it does not unlock.
The smartcard has a user certificate on it to authenticate on Windows, which is working fine.
I don't have that much experience with smartcards and CheckPoint so I was wondering if I need a specific certificate (like EFS) or that any of you have any experience using this.
I would also think that the driver is correct because it switches to the PIN and when I use another type of smartcard it does not switch, so cannot read the smartcard.
Any help would be appreciated!
In older versions (ones no longer supported), there was a bug with PINs of a certain length.
Not sure that's still relevant.
It's probably a good idea to involve the TAC in this.
Thanks for the response. This, however, is not an older version, and the PIN is only 4 digits in length for testing.
We'll probably need TAC but I have some great experiences with this community and was hoping for the small simple remark that will point us in the right direction. My guess is that this is something simple that we are overlooking.
I'll see if I can get an expert in this area to comment.
@Tom_Heesmans, I just found your post and I'm wondering how you resolved the issue described.
After switching from password to smartcard authentication in the FDE preboot today, I get an "Invalid Logon" message in the client, and a "No Smartcard users configured" in the logs on the management. I did some testing and my scenario matches your description.
I know it has been a while, but I'll appreciate it if you can share anything you remember. 🙂
For us this eventually came down to an incompatible driver for the smartcard reader. It should have been compatible according to the documentation, but after examination from dev-ops this was not the case. Our smartcard readers were from Thales (formerly Gemalto) and CheckPoint collaborated with them to integrate the correct driver. Everything is working as expected now.
Good to know, @Tom_Heesmans. I will double-check if the smartcard reader driver is the right one in my case. We ended up using a generic one from the list provided during configuration.
Thanks for your response!