Solved: Re: Can Check Point Capsule VPN on Android device ...

AntoX01 · ‎2021-11-26

Hi guys,

Can "Check Point Capsule VPN" installed on Android device store the authentication credentials without having to enter the user and password each time to connect?

The only thing I found, besides users complaining that they can't do this, was that maybe it is possible to do it with "Capsule Workspace", is it true? The only document I found, however, says I need to install the R77.30 Add-on. (https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/82201.htm)

But now there is at least the R81 😉

Hello and thanks very much!

_Val_ · ‎2021-11-29

Certificates are based on user/device pair. The certificate is initialised and pulled to a device with a one-time token generated for a specific user. Certificate cannot be transferred to another device. So, user is not prompted for credentials during the process.

View solution in original post

_Val_ · ‎2021-11-29

If you want seamless auth, use certificate method.

AntoX01 · ‎2021-11-29

Thank you very much,
so without using certificates it is not possible to save the credentials and not type them every time?
With the certificate I connect without the credentials, right?

the_rock · ‎2021-11-29

For certificate, answer is yes. As far as creds, I never figured out way to save them, even if that option is enabled on fw side. It only seems to work for endpoint vpn client, not capsule. I would confirm with TAC 100% to be sure, but Im about 95% sure myself : - )

AntoX01 · ‎2021-11-29

Thanks the_rock, much appreciated.

_Val_ · ‎2021-11-29

Certificates are based on user/device pair. The certificate is initialised and pulled to a device with a one-time token generated for a specific user. Certificate cannot be transferred to another device. So, user is not prompted for credentials during the process.

AntoX01 · ‎2021-11-29

Thank you very much _Val_, then I'll use the certificate.

AntoX01 · ‎2021-12-06

Good Morning @_Val_, could you recommend me a guide to be able to create certificates for Android for the R81 please? I only found this for 80.40 ... https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_RemoteAccessVPN_AdminGuide/T...

I have understand that the certificates are created for the user, so I can decide to use the certificate only for a real one? And the other users instead continue to log in with the password. it is true?

Thank you very much and have a nice day!

_Val_ · ‎2021-12-06

Same chapter exists in R81 guide as well: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RemoteAccessVPN_AdminGuide/Topics-...

That part I do not understand:

>>>I have understand that the certificates are created for the user, so I can decide to use the certificate only for a real one? And the other users instead continue to log in with the password. it is true?

Can you please re-phrase the question?

AntoX01 · ‎2021-12-06

Of course, thanks.

The question is: if I enable the certificate for only one user, will other users continue to enter with the password without problems?

_Val_ · ‎2021-12-06

Of course. You manage user certs on a user basis 🙂

_Val_ · ‎2021-12-06

Also, look here: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topi...

AntoX01 · ‎2021-12-06

Thank you very much @_Val_ ! Have a nice day!

Are you a member of CheckMates?

Can Check Point Capsule VPN on Android device store Credentials?