This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Stefano_Bucci
Participant
‎2020-03-24 07:58 AM

VPN Clients Authentication with Certificate and User And Password

Hi all,

I know maybe this is something already seen in the past, but I'm not able to find any info about this.

I also checked the sk86240 but i'm running on R80.30. 

Actually I'm working in a LAB environment preparing a production set.

We have a DC and if I use as authentication method user and psw I'm able to log in.

I also used only certificate as authentication method with both external CA certificates generate by me and adding the external server CA, and also certificate generated by the internal_CA with the enrollment and everything works.

What I'd like to do is to authenticate users with a personal certificate signed by an external CA and then authenticate the user by AD user and password.

Behavior is strange, once certificate authentication passed once I have to put username and password the username field is not editable and keep the cn of the certificate issued by the internal ca. 

Do you have some advise?

Thanks

 

 

0 Kudos
6 Replies
G_W_Albrecht
Legend Legend
Legend
‎2020-03-24 09:02 AM

Did you read the Mobile Access Administration Guide R80.10 p.141ff ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Stefano_Bucci
Participant
‎2020-03-24 09:50 AM
In response to G_W_Albrecht

Hi, yes I did.

My case is different, I think

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-03-25 02:08 AM
In response to Stefano_Bucci

Maybe try Remote Access VPN Administration Guide R80.10 p.32 ff ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Stefano_Bucci
Participant
‎2020-03-25 09:26 AM
In response to G_W_Albrecht

Hi, same there. My case I think it's more complicated.

Thanks

0 Kudos
PhoneBoy
Admin
Admin
‎2020-03-29 07:24 PM

Does the authentication still actually work when you combine the two or does it fail?
Might be worth getting the TAC involved here.
0 Kudos
Stefano_Bucci
Participant
‎2020-03-30 12:31 AM
In response to PhoneBoy

Hi PhoneBoy,

actually is still not working. I'll do some further test and then I'll go stight to the TAC.

Thanks, maybe I'll post the solution if it worth it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events