Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
MiniNinja
Collaborator
Jump to solution

SSO standalone VPN endpoint clients

I have R81.20 and a standalone VPN endpoint client on domain computers.
The mobile portal is enabled and remote access is configured. Authentication in the client by login and password.
How do I make sure that when logging into Windows, the client connects using the password entered in Windows?

0 Kudos
1 Solution

Accepted Solutions
MiniNinja
Collaborator

@G_W_Albrecht Thank you for your answer, as a result we get 2 options:

1) suggested by you - using machine authorization after logging in

2) suggested @PhoneBoy  - Using Harmony with Disk Encryption

View solution in original post

0 Kudos
16 Replies
the_rock
Legend
Legend

I cant recall now, but I believe there is an option somewhere either in global properties or gw object to use os password as auth method.

Andy

0 Kudos
MiniNinja
Collaborator

Hello @the_rock 

Unfortunately, I couldn't find this option.
Everything I've read talks about the portal and the applications on it, and I need it specifically in relation to the Windows account - interaction with Windows.

0 Kudos
the_rock
Legend
Legend

Let me see if I can find it.

Andy

0 Kudos
the_rock
Legend
Legend

Apologies mate, I think I mixed something else up. I thought there an option below, but does not appear so...

Andy

 

Screenshot_1.png

0 Kudos
AkosBakos
Advisor
Advisor

Hi @MiniNinja 

Do you want to use SecureDomainLogon feature?

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
MiniNinja
Collaborator

Hello @AkosBakos 

I saw this option, without turning it on, I get the opportunity to enter a username, password and connection on the login screen, but at the same time to log into Windows you need to enter the password again, and the task is just to enter the password 1 time and log in to the system, and then connect to the VPN.

0 Kudos
AkosBakos
Advisor
Advisor

Hi @MiniNinja 

Here is an older posts about this topic:

https://community.checkpoint.com/t5/Remote-Access-VPN/Secure-Domain-Logon/td-p/127190

Have a look at on this.

----------------
\m/_(>_<)_\m/
0 Kudos
MiniNinja
Collaborator

@AkosBakos Thanks for your reply, but I did not find how to transfer authorization to Windows when using SDL. SDL apparently works separately as a VPN connection functionality before logging in, and not as SSO in its usual sense. Goal: enter your username and password 1 time and log in + connect to the VPN.

Maybe I'm missing something or misunderstood.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
0 Kudos
MiniNinja
Collaborator

@G_W_Albrecht Thank you, how do I understand on a standalone client authorization based on a machine certificate?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

You will understand if you read the referenced document - it contains SDL, machine auth and all other config options. Machine auth makes the PC connect to RA VPN by itself, so if machine_tunnel_after_logon is enabled, after user login the RA VPN comes up without user intervention.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
MiniNinja
Collaborator

@G_W_Albrecht Thank you for your answer, as a result we get 2 options:

1) suggested by you - using machine authorization after logging in

2) suggested @PhoneBoy  - Using Harmony with Disk Encryption

0 Kudos
G_W_Albrecht
Legend Legend
Legend

First option is free, second has to be payed by seat - but if you need Harmony EPS it is a good choice !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
MiniNinja
Collaborator

@G_W_Albrecht Yes, I understand.

0 Kudos
PhoneBoy
Admin
Admin
0 Kudos
MiniNinja
Collaborator

@PhoneBoy Thanks, I already think this is the best option, but you need licenses and a dedicated management server that supports 500 connections.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events