- Products
- Learn
- Local User Groups
- Partners
- More
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hello,
I use Checkpoint Endpoint VPN client for Windows and Mac to access a company VPN, using username/password and then confirmation on the phone using Microsoft authenticator. Is there any way to setup a client in this scenario for Linux (Ubuntu)?
Thank you!
Thank you both for your replies. I wasted too much time (about 7-8 day already) trying to get this working so I'll stick to Windows for now. As another user pointed out in a different thread, It's a pitty that Checkpoint doesn't support Linux for real (I'm not talking about SNX). Many other vendors do so.
On Linux, the only supported client is SNX, and I believe you can use the Mobile Access portal to perform the required authentication.
If your GW is R81 or higher, you can use sk165014: Supporting strongSwan as a Remote Access client !
@PhoneBoy Thank you. I read in other posts that SNX client is not working with recent Ubuntu versions, nor with MFA. I don't know really is what is. From what I read on this site, it is something that the Endpoint admin has to setup, but unfortunatelly I doubt they will do it.
@G_W_Albrecht Thank you for your reply. It's R84.30 or newer. I tried to follow and adapt the tutorials of @Soeren_Rothe on this site (on Ubuntu desktops 22.04 and 21.10), but it didn't work for me because I didn't know how to adapt to the differences (Soeren is using pre-shared secret; our server seems to use a certificate).
In the Windows client, I just create a new connection (by entering the host name), confirm the server certificate fingerprint (because its root CA is self-signed) and then it's ready to use (I just enter username/password and confirm in Authenticator App).
By reading the Windows client extended logs, I saw that our config uses username+password authentication, but I didn't find info about the server certificate (I do have the root CA certificate).
It's R84.30 or newer. --> I mean the Gateway you connect to must be at least R81 to use strongSwan.
Thank you for you quick reply. How can I check what version is my Gateway?
That depends on your level of access:
- ask the FW admin
- connect to GWs GAiA portal, you do not need to login
- start SmartDashboard and look at the GW version
- connect to GW using SSH and issue # fw ver
There is nothing you can do as an end user to enable Remote Access via a Linux system.
You will need to work with your admins directly on this.
Thank you both for your replies. I wasted too much time (about 7-8 day already) trying to get this working so I'll stick to Windows for now. As another user pointed out in a different thread, It's a pitty that Checkpoint doesn't support Linux for real (I'm not talking about SNX). Many other vendors do so.
Couldn't agree more. As a developer on Linux, I've suffered for multiple years trying to access our checkpoint system, having to use an old an insecure version of SNX to connect. Once we went to 2FA, IT had to setup an AWS entrypoint since Checkpoint no longer worked for me.
Checkpoint uses Linux but doesn't provide a Linux client. Shameful.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY