CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Cert based auth

  1. #1
    Join Date
    2008-08-20
    Location
    Germany
    Posts
    50
    Rep Power
    12

    Cert based auth

    Hi,
    I want to migrate my remote access users from LDAP auth with user + pw to cert based auth, so that not everyone who installs the VPN client on any system can connect with the LDAP credentials.
    How can I enforce that LDAP users can only connect when they use cert auth? I also have RSA users that should not be migrated to cert auth.
    I use R75 Mgmt + GW and Microsoft 2008 AD.

  2. #2
    Join Date
    2011-04-24
    Posts
    13
    Rep Power
    0

    Re: Cert based auth

    Originally posted by pebbles5:
        Hi,
        I want to migrate my remote access users from LDAP auth with user + pw to cert based auth, so that not everyone who installs the VPN client on any system can connect with the LDAP credentials.
        How can I enforce that LDAP users can only connect when they use cert auth? I also have RSA users that should not be migrated to cert auth.
        I use R75 Mgmt + GW and Microsoft 2008 AD.

    Set the authentication scheme to 'Undefined' for the users that need to use cert auth.

  3. #3
    Join Date
    2008-08-20
    Location
    Germany
    Posts
    50
    Rep Power
    12

    Re: Cert based auth

    Originally posted by fluke:
        Set the authentication scheme to 'Undefined' for the users that need to use cert auth.

    Hard to do this with users in Active Directory? I think the only way to allow only cert based auth for all users would be to change the supported auth schemes of the VPN gateway object? Does normal LDAP auth belong to the scheme "checkpoint password"? I suppose a mixture within one gateway would not be possible.

  4. #4
    Join Date
    2011-04-24
    Posts
    13
    Rep Power
    0

    Re: Cert based auth

    Originally posted by pebbles5:
        Hard to do this with users in Active Directory? I think the only way to allow only cert based auth for all users would be to change the supported auth schemes of the VPN gateway object? Does normal LDAP auth belong to the scheme "checkpoint password"? I suppose a mixture within one gateway would not be possible.

    On the LDAP account unit you can configure a default authentication scheme for the LDAP users; you can also create user templates and assign an authentication scheme there.
