This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MiniNinja
Collaborator
‎2024-09-01 07:00 AM
Jump to solution

SSO standalone VPN endpoint clients

I have R81.20 and a standalone VPN endpoint client on domain computers.
The mobile portal is enabled and remote access is configured. Authentication in the client by login and password.
How do I make sure that when logging into Windows, the client connects using the password entered in Windows?

0 Kudos
1 Solution

Accepted Solutions
MiniNinja
Collaborator
‎2024-09-04 01:04 AM
In response to G_W_Albrecht
Jump to solution

@G_W_Albrecht Thank you for your answer, as a result we get 2 options:

1) suggested by you - using machine authorization after logging in

2) suggested @PhoneBoy  - Using Harmony with Disk Encryption

View solution in original post

0 Kudos
16 Replies
the_rock
Legend
Legend
‎2024-09-01 09:28 AM
Jump to solution

I cant recall now, but I believe there is an option somewhere either in global properties or gw object to use os password as auth method.

Andy

0 Kudos
MiniNinja
Collaborator
‎2024-09-02 03:23 AM
In response to the_rock
Jump to solution

Hello @the_rock 

Unfortunately, I couldn't find this option.
Everything I've read talks about the portal and the applications on it, and I need it specifically in relation to the Windows account - interaction with Windows.

0 Kudos
the_rock
Legend
Legend
‎2024-09-02 11:53 AM
In response to MiniNinja
Jump to solution

Let me see if I can find it.

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-09-02 01:43 PM
In response to MiniNinja
Jump to solution

Apologies mate, I think I mixed something else up. I thought there an option below, but does not appear so...

Andy

 

Screenshot_1.png

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2024-09-01 09:48 AM
Jump to solution

Hi @MiniNinja 

Do you want to use SecureDomainLogon feature?

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
MiniNinja
Collaborator
‎2024-09-02 03:19 AM
In response to AkosBakos
Jump to solution

Hello @AkosBakos 

I saw this option, without turning it on, I get the opportunity to enter a username, password and connection on the login screen, but at the same time to log into Windows you need to enter the password again, and the task is just to enter the password 1 time and log in to the system, and then connect to the VPN.

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2024-09-02 03:30 AM
In response to MiniNinja
Jump to solution

Hi @MiniNinja 

Here is an older posts about this topic:

https://community.checkpoint.com/t5/Remote-Access-VPN/Secure-Domain-Logon/td-p/127190

Have a look at on this.

----------------
\m/_(>_<)_\m/
0 Kudos
MiniNinja
Collaborator
‎2024-09-02 11:39 PM
In response to AkosBakos
Jump to solution

@AkosBakos Thanks for your reply, but I did not find how to transfer authorization to Windows when using SDL. SDL apparently works separately as a VPN connection functionality before logging in, and not as SSO in its usual sense. Goal: enter your username and password 1 time and log in + connect to the VPN.

Maybe I'm missing something or misunderstood.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2024-09-02 11:56 PM
Jump to solution

https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
MiniNinja
Collaborator
‎2024-09-03 07:09 AM
In response to G_W_Albrecht
Jump to solution

@G_W_Albrecht Thank you, how do I understand on a standalone client authorization based on a machine certificate?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2024-09-04 12:08 AM
In response to MiniNinja
Jump to solution

You will understand if you read the referenced document - it contains SDL, machine auth and all other config options. Machine auth makes the PC connect to RA VPN by itself, so if machine_tunnel_after_logon is enabled, after user login the RA VPN comes up without user intervention.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
MiniNinja
Collaborator
‎2024-09-04 01:04 AM
In response to G_W_Albrecht
Jump to solution

@G_W_Albrecht Thank you for your answer, as a result we get 2 options:

1) suggested by you - using machine authorization after logging in

2) suggested @PhoneBoy  - Using Harmony with Disk Encryption

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2024-09-04 01:11 AM
In response to MiniNinja
Jump to solution

First option is free, second has to be payed by seat - but if you need Harmony EPS it is a good choice !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
MiniNinja
Collaborator
‎2024-09-04 01:58 AM
In response to G_W_Albrecht
Jump to solution

@G_W_Albrecht Yes, I understand.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-03 06:47 AM
Jump to solution

I'm fairly certain this requires Harmony Endpoint.
https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/... 

0 Kudos
MiniNinja
Collaborator
‎2024-09-03 07:07 AM
In response to PhoneBoy
Jump to solution

@PhoneBoy Thanks, I already think this is the best option, but you need licenses and a dedicated management server that supports 500 connections.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events