I found very useful information here about the SMB appliances and how to start Remote-Access VPN with certificate authentication. I'm curious to know is there a why to disable the default username and password authentication?
You are correct. On SMB appliances it is only possible with 3rd party products. You can use a Radius server which takes care of the 2FA for you.
Just to clarify - Now remote users can connect with SecuRemote VPN or Capsule VPN client with either Username and Password authentication or certificates. I want to force the clients to use only certificates and disable the username- password authentication for VPN at all.
These are the methods to configure remote access users on locally managed SMBs:• Local users• RADIUS users• AD users
Certificates are accepted (if known).
The answer is easy: CP password has a length between 4 and 8 characters and may contain no spaces . In times of 2FA this is rather a weak solution...
Yes, 2FA will be the best, but as I see it is not natively supported on SMB appliances and is possible only with 3rd party products, or I'm missing such solution from Checkpoint?
Retrieving data ...