Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ESpataro
Contributor

VPN Client Authentication

Hi,
 
We are running our VPN clients gateways on R80.30SP  and are being used  for remote access ( User VPN  ) authentication via User certificates at the moment.
We are exploring to enable the machine certificate authentication for remote access VPN as well. Can you help us on below  please.
 
Also we are running/installed   Endpoint clients Version E81.40 Build 986101004  on the client machines.
 
1 ) Can we enable machine certificate authentication for remote access VPN on R80.30 SP version which we are running at the moment. If not what's the compatible version  to enable this feature.
 
2) If enabled can machine authentication method be enabled individually as a separate parameter to User certificate method  or this would be enabled in Global properties impacting  our existing user certificate remote VPN  authentication method.

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

Machine certificate authentication was added in R80.40.
Which means, for Maestro, you'll need to upgrade to R81 or above.

You can create another authentication scheme for users to use.
See: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_RemoteAccessVPN_AdminGuide/T...

(1)
emmap
Employee
Employee

Machine certificates are a per gateway enablement, so it would apply to all users. You can enable it in an 'if available' mode rather than making it a requirement. It's configured as an additional step to the existing authentication, so the existing user auth settings would still apply. As Phoneboy says, you'll need to upgrade the gateway version. You should also look at upgrading the VPN client version, as that one is quite old now. 

(1)