This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Herman
Contributor
‎2021-11-03 04:05 AM

How to setup machine certificate authentication?

Hello community!
I want to undestand how correctly enable machine certificate for separete VPN access for AD domain machines and AD users.
If I right about this, that for enable this feature I should:

  1. Get root cert and intermediate cert in my CA, added this certs to checkpoint environment (according sk149253) for ability generate CSR request for each future machine cert (and this I have a question, after I get cert, generated from CSR, where it is should putted in user machine? For example in windows machine, in certmgr -> "trusted root cert authorities" or other place?);
  2. In VPN Gateway activate feature "VPN Clients" -> "Authentication" -> select checkbox "Send Machine Certificate";
  3. Finally create rule with AccessRole (of couse, before it, activate Identity awareness for required AD server) in RuleBase as follow:
     
    vpnrules.jpg

Please clarify or correct my suggestions about machine certificate option for VPN.

0 Kudos
(1)
Who rated this post