This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
mkushner
Participant
‎2021-10-14 03:09 AM

SmartCard Authentication for VPN users

Hi,

We currently have our VPN users authenticating with domain (user/password) credentials.

We want to change the VPN authentication to the SmartCard which each user has connected to his laptop and which is normally used to login to the laptop.

 

Has anyone configured VPN users with SmartCard authentication?

I was not able to find anything about this in Checkpoint site.  

Thanks

micha

0 Kudos
3 Replies
G_W_Albrecht
Legend Legend
Legend
‎2021-10-14 03:55 AM

See Remote Access VPN R81 Administration Guide p.44fff !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
mkushner
Participant
‎2021-10-14 05:19 AM
In response to G_W_Albrecht

Thanks, but I only see SmartCard mentioned regarding L2TP (which is not what we want) and it doesn't appear to really be with a SmartCard, rather with a regular certificate.

We want SmartCard authentication with Checkpoint VPN client, and that is not described there.

0 Kudos
mkushner
Participant
‎2021-11-04 01:44 AM
In response to mkushner

It was more complicated than I thought.  It took Checkpoint dealer two days to get it working and was not something that we could have done ourselves.

Some tips:

1. You need to activate Identity Awareness.  Don't need to run wizard, but will need to mark off VPN in IA configuration tab of firewall.

2. Changes needed to be done via DBEdit.

3. We are using UPN from the SmartCard and via Activedirectory.

4. Make sure that the connection to AD servers is working well.  We had problems of dedicated user locking in AD.  The solution was a CLI command to force use of NTLMv2.

5. We also configured the firewall to distribute addresses from DHCP servers.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top