Switching "legacy" type authentication in VPN

I've read some SKs, but I still can't see it.

The objective: to have a clearer idea of how authentication is processed and its impact on the firewall, allowing us, in an emergency, to switch the configuration from one server to another.

What we would like:
1 - Understand the difference between Legacy and the "Username and Password" option
2 - Understand how queries are made in Legacy and in "Username and Password"
3 - Whether it is possible to have several LDAP servers for VPN authentication, and where to change this option if we need to
4 - Another curiosity: could the Check Point SNX client work with a certificate if we change this global option?


"Legacy" I believe refers to older VPN clients and where the authentication is defined (either on the user record, or "globally").
In practical terms, it does not change the authentication flow, other than that legacy restricts you to a single form of authentication for a given user.

You can have multiple LDAP servers for authentication, yes.
If they are for the same AU, you can simply list the servers in the relevant LDAP Account Unit object.
If they are for different AUs, you will need to define other LDAP Account Unit objects and you'll probably have to create an authentication method for each one.
See the following screenshot.



Phoneboy is right, I believe... legacy would refer to older clients, but regardless, the auth method listed would still be the same, regardless of the client version you have.

