Remote Access VPN with macOS: certificate authentication doesn't work


We have a project to add 2FA to our Remote Access VPN. Currently it is set to authenticate with username and password, and we want to add a user certificate (issued by an internal CA running on Microsoft, integrated with AD).

This is working fine for Microsoft computers with the Check Point Endpoint Security VPN client (standalone). We just have a failure after a while (traffic blocked after a random amount of time, with logs like 'can't find user' or 'failed login'). This one is the subject of an ongoing TAC case. But still, for these, the authentication with certificate is working fine, and the VPN tunnel establishes.

Now we have a lot of users that have MacBooks, also running the CP Endpoint VPN client. The user certificate has been imported into the Keychain. When we try to authenticate on the VPN client with the certificate, it doesn't work.

An example log extract, showing failure on macOS and success on Windows (same user, same certificate):



The detail of the failure log, showing the user is not in the right format; expected here is something like it is for Windows clients:



Here is how the authentication is configured for certificate usage (again, working fine on Windows):



Do you know if I have to create another Login Option especially for macOS? If so, what settings should I use? I already tried various combinations, none of them worked 😞

Thanks in advance for your help!



1 Reply

Are you using the latest supported macOS VPN client? I saw E82.50 within your log card details. E84.30 was released within the last 2 weeks and has support for Big Sur as well as Machine Authentication for the VPN client.

SK170513 - Enterprise Endpoint Security E84.30 macOS Clients - Early Availability