This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Larry_Chisholm
Participant
‎2018-05-15 11:02 AM

Can a Checkpoint GW have more than 1 RA VPN Profile?

Is there any way to create multiple remote access vpn profiles like with the ASA?

I have two different domains, and I'd like my users to access their own specific domain AD for login authentication

I have a RA VPN set up right now that performs ldap lookups against domain1.local but I want to add a second profile that does it's lookups against domain2.local's  AD.  Is this possible with checkpoint?

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2018-05-15 04:11 PM

You can configure one gateway to consult multiple LDAP servers.

Though I guess there is a question about which LDAP server will get priority and that may not be desirable.

To ensure completely different settings, you would need to use VSX (a virtual gateway for each domain).

Louis_Poulin
Collaborator
‎2018-07-24 10:06 AM
In response to PhoneBoy

If you use VSX (a virtual gateway for each domain) and you use the same SmartConsole to manage them, they will be all part of the "Remote Access" VPN Community, right?

In that case, will the client try to authenticate to each virtual Gateway because of the "Secondary Connect" feature?

0 Kudos
Norbert_Bohusch
Advisor
‎2018-07-24 11:01 AM
In response to Louis_Poulin

You can configure the account unit (AD) to query in gateway settings

0 Kudos
Houssameddine_1
Collaborator
‎2018-07-24 11:36 AM
In response to Louis_Poulin

As I mentioned before the management server is considered one site. all the gateways in the remote access community are part of one site. For secondary connect the  client will try to establish secondary connection if it find some traffic to go to different encryption domain behind different gateway in the remote access community.

0 Kudos
Houssameddine_1
Collaborator
‎2018-05-16 10:58 AM

Checkpoint queries all account units at the same time the first to respond checkpoint gw will use that information. The problem that you have if the same user exists in both account units and you will run to race condition. There is another option which you change the  attribute that will be used to search the users for example you can use userprinciple name (by default checkpoint uses sAMaccount Name) but the user have to use his email to login not just user name.

Thanks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events