Herman
Contributor

How to set up machine certificate authentication?

Hello community!
I want to understand how to correctly enable machine certificates for separate VPN access for AD domain machines and AD users.
If I am right about this, to enable this feature I should:

  1. Get the root cert and intermediate cert from my CA and add these certs to the Check Point environment (according to sk149253) to be able to generate a CSR for each future machine cert (and here I have a question: after I get the cert generated from the CSR, where should it be put on the user machine? For example, on a Windows machine, in certmgr -> "trusted root cert authorities" or some other place?);
  2. In the VPN Gateway, activate the feature "VPN Clients" -> "Authentication" -> select the checkbox "Send Machine Certificate";
  3. Finally, create a rule with an AccessRole (of course, before that, activate Identity Awareness for the required AD server) in the RuleBase as follows:
     
    vpnrules.jpg

Please clarify or correct my suggestions about the machine certificate option for VPN.
