
Using MS Active Directory for remote access VPN

Question asked by Dmitriy Tiper on Sep 6, 2018

Hi everyone,

I am totally lost in the number of somewhat conflicting documentation and community topics and would be grateful if you could help me.

1. We are on version R80.10 SMS and gateways.

3. IPsec VPN, Mobile Access and Identity Awareness blades are enabled.

2. We are using the Check Point Mobile for Windows client, and presently users are created locally.

3. Local users are also assigned to user groups, and the user groups are assigned to user roles that are used in access rules to distinguish what users can and cannot access.

4. I need to move to authenticating users against Microsoft AD and also to use the AD user group a user belongs to in MS AD in access rules for remote access VPN, i.e. some sort of authorization.

5. Do I need a User Directory license if I just want to enable remote VPN authentication against AD? There is no MS AD management from the Check Point side, just querying AD for user presence and whether the password is valid.

6. What about using the MS AD user group a user belongs to in access rules? During initial setup for Mobile Access I said that I don't want to use AD integration.

7. To make things more complicated, I then need to move to RADIUS authentication with a soft RSA token and still be able to query MS AD for the user group the connecting user belongs to, to be able to use the AD group in access rules.

 

Your help is really appreciated!
