- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Hi Fellow Checkmate Members
Can anyone help me in achieving this for my company pretty please
Scenario:
We are using "Check Point Endpoint Security" as a remote access client for VPN users. It is working great with no problem. We are currently "Username+Password" as an authentication mechanism. The problem we are having is the following:
Users can install the client on their own personal devices and connect to the VPN because they are allowed to. Now we want to limit Remove Access VPN connection ONLY using company-owned or company-assigned devices to the user. How do I go about achieving that? We are trying to prevent users from installing the Check Point Endpoint Security client to their personal devices, while not removing their Remote access VPN right on company-owned devices. Please help 😔
R80.40 may yield a feature of interest...
Use machine certificate to distinguish between corporate and non-corporate assets and to set a policy enforcing the use of corporate assets only. Enforcement can be pre-logon (device authentication only) or post-logon (device and user authentication).
Change your authentication method so that it is Username+Password+Certificate and only agree to allow them to register a corporate device with the generated Certificate.
While it isn't impossible to export certificates off of a Windows box, it takes some work to get it done and is beyond the capabilities of most users.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY