This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
sean37
Explorer
‎2025-04-22 10:02 AM

VPN Login Before Windows

Issues - Not getting VPN Icon berfore windows login. This is a new Windows Deployment using Autopilot. End user has never logged into computer before this. Need to have VPN for first login when user is remote. The deployment type is hybrid entra. This requires user to authenicate to the DC. 

I Can confirm that 

1. Checkpint is install and trac.config is there with SDL enable and Always connect turned on

2. It does have Username and Password ad auth type. 

3. Default site id configured. 

Even with all this we still don't get the VPN icon on first boot after autopilot.

0 Kudos
12 Replies
PhoneBoy
Admin
Admin
‎2025-04-22 01:32 PM

What authentication type have you configured for Remote Access?
If it's SAML, this does not support SDL, which is noted here:
https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_RemoteAccessVPN_AdminGuide/Content... 

0 Kudos
(1)
sean37
Explorer
‎2025-04-22 01:36 PM
In response to PhoneBoy

Using Username / Password and still cannot get the icon on the login to connect VPN

0 Kudos
PhoneBoy
Admin
Admin
‎2025-04-22 01:54 PM
In response to sean37

Please provide screenshots (with sensitive details redacted) showing what you've configured as well as the version/JHF levels of gateways and management.
Also, I don't know what "still cannot get the icon on the login to connect VPN" means, please show a screenshot of that.

0 Kudos
sean37
Explorer
‎2025-04-22 02:19 PM
In response to PhoneBoy

Endpoint version E88.70
Gateways 1575 R81.10.15 x4 Cloud GW R82 98
SmartCloud R82 MGMT

Preview file
1177 KB
Preview file
2032 KB
Preview file
2242 KB
Preview file
2439 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2025-04-22 04:59 PM
In response to sean37

Secure Domain Login leverages a legacy feature in Windows called GINA, which has technically been deprecated since Windows Vista.
I'm guessing the login method you are using (PIN) does NOT leverage GINA and/or your release of Windows completely disables GINA.

Regardless of the reason, no GINA means no SDL.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-04-22 05:01 PM
In response to sean37

Those settings look right to me...so what happens when laptop boots up? Do you see an option to try log in?

Andy

Best,
Andy
0 Kudos
sean37
Explorer
‎2025-04-22 05:05 PM
In response to the_rock

No the VPN icon to try login. Never promots or anything. 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-04-22 08:09 PM
In response to sean37

Technically, it would not come up automatically, user would need to click on the icon when screen is locked before they enter their creds for windows.

Andy

Best,
Andy
0 Kudos
sean37
Explorer
‎2025-04-22 09:07 PM
In response to the_rock

The problem is the icon does not show to click on. That is the part we’re missing.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-04-23 05:06 AM
In response to sean37

K, got it now. Here is what I would try...either reinstall the client on PC you are testing or try another one. If both fail, might be worth do remote with TAC.

Andy

Best,
Andy
0 Kudos
sean37
Explorer
‎2025-04-22 05:18 PM
In response to the_rock

One other thing is that at this point of trying to login into the VPN no user has logged into the computer yet. It's a fresh OBE for the user using autopilot. 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-04-22 01:57 PM
In response to sean37

Did you follow below?

Andy

https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN...

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events