Remote-access Guide

Check Point Remote Access VPN Certificate Authentication

by Valentin Schumm Published 3 years ago Updated 2 years ago
From Menu, click Global Properties. From the navigation tree, click Remote Access > VPN Authentication. In the Support authentication methods section, select Pre-Shared Secret (For SecuRemote client / SecureClient users).

Full Answer

How do I configure a remote access VPN?

Check Point's Internal Certificate Authority (ICA) is tightly integrated with VPN and is the easiest way to configure a Remote Access VPN. The ICA can issue certificates both to Security Gateways (automatically) and to remote users (generated or initiated). Generate digital certificates easily in SmartConsole > Security Policies > Access Tools > Client Certificates.

How to authenticate a VPN endpoint with an external certificate?

On the VPN endpoint client side, choose 'Certificate - P12' or 'Certificate - CAPI' as the authentication method, and use the imported '.p12' or '.pfx' file that was generated/signed by the external CA.

How do I configure VPN authentication for SecuRemote?

From Menu, click Global Properties. From the navigation tree, click Remote Access > VPN Authentication. In the Support authentication methods section, select Pre-Shared Secret (For SecuRemote client / SecureClient users). Click OK. Configure the Authentication settings for each applicable user: From the Objects Bar, double-click the user.

What are the authentication methods supported for remote access?

During the authentication process, both the client and the Security Gateway verify that the other party knows the agreed-upon password. These user authentication methods are supported for remote access. Security Gateway Password - Users enter their passwords, which are on the Security Gateway.

Client-Security Gateway Authentication Schemes

Authentication is a key factor in establishing a secure communication channel among Security Gateways and remote clients. Various authentication methods are available, for example:

Multiple Login Options for R80.xx Gateways

On Mobile Access and IPsec VPN Security Gateways that run R80.10 and higher versions, you can configure multiple login options. The options can be different for each Security Gateway and each supported Software Blade, and for some client types. Users select one of the available options to log in with a supported client.

Internal User Database vs. External User Database

Remote Access functionality includes a flexible user management scheme. Users are managed in a number of ways:

Defining User and Authentication Methods in LDAP

Obtain and install a license that enables the VPN module to retrieve information from an LDAP server.

Using a Pre-Shared Secret

When using pre-shared secrets, the remote user and Security Gateway authenticate each other by verifying that the other party knows the shared secret: the user's password.

Working with RSA Hard and Soft Tokens

If you use SecurID for authentication, you must manage the users on RSA's ACE management server. ACE manages the database of RSA users and their assigned hard or soft tokens. The client contacts the site's Security Gateway. The Security Gateway contacts the ACE Server for user authentication information. This means:

Enabling Hybrid Mode and Methods of Authentication

Hybrid mode allows the Security Gateway and remote access client to use different methods of authentication.
