This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
vivekumar1988
Participant
‎2020-05-13 03:22 PM

Steps for using Third party CA for IPSEC Remote access VPN (Endpoint security client)

Hi Guys

Need your support !

i need to use third party CA in Remote access VPN.

The remote Access vpn is already configured and working, but now we want to use Certificate along with username and password authentication for users connecting via endpoint security client.

The user database resides on AD Ldap, 

i need steps by step process (from creating CA, CSR , and importing) how to get this working, 

  1. how to ADD the trusted Ca on Dashboard, whether we have to create root CA or sub-CA from openssl  ?
  2.  Or directly create CSR from firewall itself at first by "cpopenssl req -new -out <CERT.CSR> -keyout <KEYFILE.KEY> -config $CPDIR/conf/openssl.cnf"   ?  and send CSR to CA to sign ?
  3. Users are on AD using LDAP account unit, for this do i have create a "user template " and enable Encryotion>enable IKE private key .

is anyone done this requirement and created a document for reference.

Any help would be appreciated.

 

Thanks

 

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2020-05-14 11:20 AM

Multiple authentication schemes is described here:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
For a third party CA, you have to create an OPSEC CA object, import the public key, and set the gateway to authenticate VPN access via this CA.
It's described in the Remote Access VPN docs: https://sc1.checkpoint.com/documents/R80.10_andhigher/WebAdminGuides/EN/CP_RemoteAccessVPN_AdminGuid...
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events