Machine AD membership Authentication using Radius/LDAP

Question asked by Hamid Harrar on Sep 22, 2018
Hi Everyone,
I would like to get some guidance on IPSec VPN machine Authentication.

I have an R80.10 ClusterXL configured for IPsec VPN and Mobile Access for remote users using Check Point Endpoint clients. Authentication is currently done via RADIUS for domain users only. I want to ensure that only corporate machines (AD joined) can connect, so anyone installing the client on their personal laptop/computer will be denied.
To do this, I enabled the Identity Awareness blade and added an Access Role where I defined the Domain Computers and Domain Users AD groups in the relevant fields. I added this to the firewall rule (as source) where the VPN community is allowed to access internal subnets. However, this did not work. Can anyone provide some guidance on how to get this done? I went through the R80.10 admin guide, but it does not explain how to configure such authentication.
I found an article which refers to Machine Certificate Authentication, but this is not what I'm after; I only want to check the laptop's hostname against RADIUS.

Machine Certificate Installation on Security Gateway for Authentication to VPN Clients
Thanks in advance.