This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
GomesLuucas
Explorer
‎2023-02-08 07:18 AM

Switching "legacy" type authentication in VPN

I've read some SKs, but I still can't see it.

The objective: to have a clearer idea of how authentication is processed and its impact on the firewall, allowing, in an emergency, to change the configuration from one server to another.

What we would like:
1 - Understand the difference between Legacy and the "Username and Password" option
2 - Understand how queries are made in Legacy and in "Username and Password"
3 - If it would be possible to have several LDAP servers for VPN authentication, or where do I change this option if we need to.
4 - Another curiosity, could the checkpoint SNX client work with a certificate if we change this global option?

Preview file
17 KB
Preview file
25 KB
0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2023-02-10 10:20 AM

"Legacy" I believe refers to older VPN clients and where the authentication is defined (either on the user record, or "globally").
In practical terms, it does not change the authentication flow other than legacy restricts you to a single form of authentication for a given user.

You can have multiple LDAP servers for authentication, yes.
If they are for the same AU, you can simply list the servers in the relevant LDAP Account Unit object.
If they are for different AUs, you will need to define other LDAP Account Unit objects and you'll probably have to create an authentication method for each one.
See the following screenshot.

image.png

the_rock
Legend
Legend
‎2023-02-10 11:40 AM

Phoneboy is right I believe...legacy would refer to older clients, but regardless, auth method listed would still be the same, regardless the client version you have.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events