Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
r3d888
Explorer
Jump to solution

How to limit vpn user account to single machine

The scenario is client doesn't have AD and they want all vpn users to used only their company  issued machines/laptops to avoid data loss and maintain data privacy.

May I ask if this is possible?

0 Kudos
1 Solution

Accepted Solutions
LukeOxley
Participant

It is indeed possible using certificate authentication. You'll issue the users certificates generated from the Check Point ICA (this can be done from the user records defined in SmartConsole, which get installed on their machines. These can be used as the sole authentication method, or as part of multiple authentication in conjunction with username and password or something similar. Hope that helps!

View solution in original post

4 Replies
LukeOxley
Participant

It is indeed possible using certificate authentication. You'll issue the users certificates generated from the Check Point ICA (this can be done from the user records defined in SmartConsole, which get installed on their machines. These can be used as the sole authentication method, or as part of multiple authentication in conjunction with username and password or something similar. Hope that helps!

r3d888
Explorer
But still when using certificates, user can used or log to its different machine as he/she have both accounts and certificate.
0 Kudos
Benedikt_Weissl
Advisor
You can install the certificate into the computers certificate store in a way that makes it impossible for the user to export the certificate later.
LukeOxley
Participant
Good tip mate!
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events