This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AntoX01
Participant
‎2021-11-26 09:39 AM
Jump to solution

Can Check Point Capsule VPN on Android device store Credentials?

Hi guys,

Can "Check Point Capsule VPN" installed on Android device store the authentication credentials without having to enter the user and password each time to connect?

The only thing I found, besides users complaining that they can't do this, was that maybe it is possible to do it with "Capsule Workspace", is it true? The only document I found, however, says I need to install the R77.30 Add-on. (https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/82201.htm

But now there is at least the R81 😉

Hello and thanks very much!

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
‎2021-11-29 04:46 AM
In response to AntoX01
Jump to solution

Certificates are based on user/device pair. The certificate is initialised and pulled to a device with a one-time token generated for a specific user. Certificate cannot be transferred to another device. So, user is not prompted for credentials during the process.

View solution in original post

(1)
12 Replies
_Val_
Admin
Admin
‎2021-11-29 01:46 AM
Jump to solution

If you want seamless auth, use certificate method.

AntoX01
Participant
‎2021-11-29 02:14 AM
In response to _Val_
Jump to solution

Thank you very much,
so without using certificates it is not possible to save the credentials and not type them every time?
With the certificate I connect without the credentials, right?

the_rock
Legend
Legend
‎2021-11-29 04:25 AM
In response to AntoX01
Jump to solution

For certificate, answer is yes. As far as creds, I never figured out way to save them, even if that option is enabled on fw side. It only seems to work for endpoint vpn client, not capsule. I would confirm with TAC 100% to be sure, but Im about 95% sure myself  : - )

(1)
AntoX01
Participant
‎2021-11-29 05:26 AM
In response to the_rock
Jump to solution

Thanks the_rock, much appreciated.

0 Kudos
_Val_
Admin
Admin
‎2021-11-29 04:46 AM
In response to AntoX01
Jump to solution

Certificates are based on user/device pair. The certificate is initialised and pulled to a device with a one-time token generated for a specific user. Certificate cannot be transferred to another device. So, user is not prompted for credentials during the process.

(1)
AntoX01
Participant
‎2021-11-29 05:28 AM
In response to _Val_
Jump to solution

Thank you very much _Val_, then I'll use the certificate.

0 Kudos
AntoX01
Participant
‎2021-12-06 01:40 AM
In response to _Val_
Jump to solution

Good Morning @_Val_,  could you recommend me a guide to be able to create certificates for Android for the R81 please? I only found this for 80.40 ... https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_RemoteAccessVPN_AdminGuide/T...

I have understand that the certificates are created for the user, so I can decide to use the certificate only for a real one? And the other users instead continue to log in with the password. it is true?

Thank you very much and have a nice day!

0 Kudos
_Val_
Admin
Admin
‎2021-12-06 03:17 AM
In response to AntoX01
Jump to solution

Same chapter exists in R81 guide as well: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RemoteAccessVPN_AdminGuide/Topics-...

 

That part I do not understand:

>>>I have understand that the certificates are created for the user, so I can decide to use the certificate only for a real one? And the other users instead continue to log in with the password. it is true?

 Can you please re-phrase the question?

0 Kudos
AntoX01
Participant
‎2021-12-06 03:22 AM
In response to _Val_
Jump to solution

Of course, thanks.

The question is: if I enable the certificate for only one user, will other users continue to enter with the password without problems?

0 Kudos
_Val_
Admin
Admin
‎2021-12-06 03:27 AM
In response to AntoX01
Jump to solution

Of course. You manage user certs on a user basis 🙂

0 Kudos
_Val_
Admin
Admin
‎2021-12-06 03:28 AM
In response to AntoX01
Jump to solution

Also, look here: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topi...

0 Kudos
AntoX01
Participant
‎2021-12-06 03:36 AM
In response to _Val_
Jump to solution

Thank you very much @_Val_ ! Have a nice day!

0 Kudos
Upcoming Events

    Sort by:
    CheckMates Events