How to limit vpn user account to single machine

The scenario is that the client doesn't have AD and they want all VPN users to use only their company-issued machines/laptops to avoid data loss and maintain data privacy.

May I ask if this is possible?

Accepted Solutions

It is indeed possible using certificate authentication. You'll issue the users certificates generated from the Check Point ICA (this can be done from the user records defined in SmartConsole), which get installed on their machines. These can be used as the sole authentication method, or as part of multiple authentication in conjunction with username and password or something similar. Hope that helps!

4 Replies

But still, when using certificates, a user can use or log in from a different machine, as he/she has both the account and the certificate.

You can install the certificate into the computer's certificate store in a way that makes it impossible for the user to export the certificate later.

Good tip mate!
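One way to do the non-exportable install suggested in the reply above on a Windows client, as an added example that is not from the thread or from Check Point. The PKCS#12 path is a placeholder, and the store location and the RSA key type are assumptions; use the store your VPN client actually reads.

```powershell
# Added example, not from the thread. Assumptions: Windows client, RSA key,
# PKCS#12 file at a placeholder path, and the store named below.
$PfxPath = 'C:\Temp\vpn-user.p12'      # placeholder path
$Store   = 'Cert:\LocalMachine\My'     # machine store; writing to it needs an elevated prompt

function Test-PrivateKeyExportable {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
    if ($null -eq $rsa) { throw "No accessible RSA private key for $($Certificate.Thumbprint)" }
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        # CNG key: AllowExport (1) or AllowPlaintextExport (2) means the key can leave the store.
        return (([int]$rsa.Key.ExportPolicy) -band 3) -ne 0
    }
    if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        # Legacy CSP key: the container records whether export is allowed.
        return $rsa.CspKeyContainerInfo.Exportable
    }
    throw "Unsupported key type: $($rsa.GetType().FullName)"
}

$password = Read-Host -AsSecureString -Prompt 'PKCS#12 password'

# Without -Exportable, Import-PfxCertificate stores the private key as non-exportable.
$cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation $Store -Password $password

if (Test-PrivateKeyExportable -Certificate $cert) {
    throw "Private key for $($cert.Subject) is exportable; remove it and re-import."
}
"Imported $($cert.Subject) ($($cert.Thumbprint)) with a non-exportable key."

# Audit: list certificates already in the store whose private key can still be exported.
# Non-RSA or inaccessible keys raise in the check and are skipped here.
Get-ChildItem -Path $Store |
    Where-Object { $_.HasPrivateKey } |
    Where-Object { try { Test-PrivateKeyExportable -Certificate $_ } catch { $false } } |
    Select-Object Subject, Thumbprint, NotAfter
```

Delete the PKCS#12 file once the import succeeds; anyone holding that file and its password can import the certificate on another machine.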