This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rober506
Participant
Tuesday

How to avoid 3th Party VPN Client

Hi,

After some security updates, certain VPN clients using Linux OS and the SNX connector (without Mobile Access Blades, just IPsec VPN) were unable to complete the MFA process using OTP. This issue was resolved by having users access the Mobile Access Portal through Chrome on their Linux devices and use the SNX client to receive the OTP and connect.

However, during this process, some users discovered they could use third-party software clients to establish VPN connections with MFA by using alternative client software.

The third-party client being referenced is available at:
https://github.com/ancwrd1/snx-rs

The concern is: how can I prevent access from non-official clients, especially when their logs appear as "EndpointClient," similar to those of users who use the official Endpoint Client to connect?

Best Regards,

7 Replies
the_rock
Legend
Legend
Tuesday

Apart from SCV feature, maybe below can help? You can use access roles for it, but you do need identity awareness blade enabled.

Andy

 

Screenshot_1.png

Rober506
Participant
yesterday
In response to the_rock

It looks interesting I'll investigate more about this, thanks

the_rock
Legend
Legend
yesterday
In response to Rober506

I never personally tested it myself, but I am pretty sure it would work.

Andy

0 Kudos
PhoneBoy
Admin
Admin
yesterday

Short of disabling SNX as an allowed client (which would also disable the official SNX client), not sure of a way to do this.
I would open a TAC case.

0 Kudos
Rober506
Participant
yesterday
In response to PhoneBoy

Yes, but I need to keep linux users that uses snx.. One particular issue with this unofficial client is that it appears as official EndPointClient on Windows in the IAw logs 

0 Kudos
PhoneBoy
Admin
Admin
yesterday
In response to Rober506

Completely understand.
As I said, best to open a TAC case.
I’m also checking with R&D on the backend.

0 Kudos
the_rock
Legend
Legend
yesterday
In response to Rober506

Thats super valid point.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events