mkushner
Participant

SmartCard Authentication for VPN users

Hi,

We currently have our VPN users authenticating with domain (user/password) credentials.

We want to change the VPN authentication to the SmartCard which each user has connected to his laptop and which is normally used to login to the laptop.

 

Has anyone configured VPN users with SmartCard authentication?

I was not able to find anything about this on the Check Point site.

Thanks

micha

0 Kudos
3 Replies
G_W_Albrecht
Legend

See the Remote Access VPN R81 Administration Guide, p. 44 ff.!

CCSE CCTE SMB Specialist
0 Kudos
mkushner
Participant

Thanks, but I only see SmartCard mentioned regarding L2TP (which is not what we want) and it doesn't appear to really be with a SmartCard, rather with a regular certificate.

We want SmartCard authentication with the Check Point VPN client, and that is not described there.

0 Kudos
mkushner
Participant

It was more complicated than I thought. It took the Check Point dealer two days to get it working and it was not something that we could have done ourselves.

Some tips:

1. You need to activate Identity Awareness. You don't need to run the wizard, but you will need to mark off VPN in the IA configuration tab of the firewall.

2. Changes needed to be done via DBEdit.

3. We are using the UPN from the SmartCard and via Active Directory.

4. Make sure that the connection to AD servers is working well.  We had problems of dedicated user locking in AD.  The solution was a CLI command to force use of NTLMv2.

5. We also configured the firewall to distribute addresses from DHCP servers.