Participant

Identity Agent Untrusted Gateway


Hello
I am using R80.10 on 23500 appliances.
I want to use the Identity Awareness Blade. Actually, almost everything is working well except the Identity Agent SSL certificate.
When I install the Identity Agent on Windows, there is a warning message in the status of the agent.

My SSL certificate looks OK. If I click Trust, everything works perfectly. But during installation it does not send any message to the user for this trust relationship, as VPN does. It just waits here; every user has to open the status of the agent, click Review and then click Trust. The users do not know what a mouse is, so they cannot do these clicking steps, and we are talking about 20k active users.
Browser-Based Authentication works fine with the same certificate.
My certificate is validated, but I am still having this issue.
4 Replies
Admin

This is normal. Just press "Trust" and move on. Browser-based CA trust uses a different repository. The agent's trust relies on a registry entry, which will be created when you press "Trust".

Participant
Hello Val
But my users are really bad at using computers, so thousands of them cannot right-click on the agent, open the status, click Review and click Trust.
Why is it not showing me a pop-up while connecting or installing the agent for this trust relationship, like Endpoint Security VPN?
Does every user in the world using Identity Agent have to click Trust?
Collaborator (Accepted Solution)

You can prevent this problem for your users by predeploying the trust.

There are multiple ways to do so, and the Identity Awareness Admin Guide shows you how.

For a very quick workaround for your 20k users: deploy the following registry key using your client software management platform (SCCM or something like that):

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\IA\TrustedGateways\...

Just copy the needed content of this hive key from a client, where the trust button is already pressed.

For the future, just bundle the needed registry keys with the agent installer. You can manipulate the agent installer MSI file to include this trust. Just patch it using the IA config tool. See the Identity Awareness Admin Guide for details.
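
The workaround described in this answer, as an added PowerShell example that is not part of the original post and is not Check Point code: it exports the TrustedGateways key on a reference client and, on target clients, imports the file only if it matches a recorded hash and touches nothing outside that key. The file name, the `-ExpectedSha256` parameter and a 64-bit Windows/PowerShell host are assumptions.

```powershell
# Added example, not Check Point code. File name and -ExpectedSha256 are assumptions.
param(
    [ValidateSet('Export', 'Deploy')][string]$Mode = 'Deploy',
    [string]$RegFile = (Join-Path $PSScriptRoot 'ia-trusted-gateways.reg'),
    [string]$ExpectedSha256   # hash printed by Export mode, recorded by the admin
)
# Key path as quoted in the post; everything below it is copied, never typed by hand.
$Sub    = 'SOFTWARE\WOW6432Node\CheckPoint\IA\TrustedGateways'
$KeyPs  = "HKLM:\$Sub"
$Prefix = "[HKEY_LOCAL_MACHINE\$Sub"

function Invoke-Reg([string]$Arguments) {
    # Start-Process keeps reg.exe's console output from surfacing as PowerShell errors.
    $p = Start-Process reg.exe -ArgumentList $Arguments -Wait -PassThru -WindowStyle Hidden
    if ($p.ExitCode -ne 0) { throw "reg.exe $Arguments failed with exit code $($p.ExitCode)" }
}

if ($Mode -eq 'Export') {
    # Run on the reference client where "Trust" was already clicked.
    if (-not (Test-Path $KeyPs)) { throw "No trust entries found at $KeyPs" }
    Invoke-Reg "export `"HKLM\$Sub`" `"$RegFile`" /y"
    'Exported. SHA256: ' + (Get-FileHash $RegFile -Algorithm SHA256).Hash
    return
}

# Deploy mode: run elevated on each client, for example from an SCCM package.
# 1. Fail closed if the file differs from the one the admin exported.
$actual = (Get-FileHash $RegFile -Algorithm SHA256 -ErrorAction Stop).Hash
if ($actual -ne $ExpectedSha256) { throw "Hash mismatch for $RegFile, not importing" }

# 2. Refuse a file that touches anything outside TrustedGateways: reg import
#    applies every key in the file with the deployment account's rights.
$headers = @(Get-Content $RegFile -ErrorAction Stop | Where-Object { $_.StartsWith('[') })
$outside = @($headers | Where-Object {
    -not ($_.StartsWith("$Prefix\", 'OrdinalIgnoreCase') -or
          $_.Equals("$Prefix]", 'OrdinalIgnoreCase'))
})
if ($headers.Count -eq 0 -or $outside.Count -gt 0) {
    throw "Unexpected or missing keys in ${RegFile}: $($outside -join ', ')"
}

# 3. Import, then confirm the key exists on this client.
Invoke-Reg "import `"$RegFile`""
if (-not (Test-Path $KeyPs)) { throw "Import reported success but $KeyPs is missing" }
"Trust entries deployed under $KeyPs"
```

Run it once with `-Mode Export` on a client whose trust decision was made against the intended gateway, record the printed hash, and pass that hash as `-ExpectedSha256` in the deployment.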
Participant
This one is perfect.
I have learned lots of things, thanks to you.