Introduction
This document explains how to configure and manage the integration of Check Point Remote Access VPN with the PureAUTH Identity Platform, making Check Point Remote Access VPN authentication passwordless.
Prerequisite
- Check Point Security Gateway:
  - R80.40 with the R80.40 Jumbo Hotfix Accumulator, Take 154 and higher.
- Check Point Security Management or Multi-Domain Server:
  - R80.40 with the R80.40 Jumbo Hotfix Accumulator, Take 154 and higher.
- SmartConsole:
  - R80.40 SmartConsole Releases – Build 432 or higher.
Installation
- Install this Hotfix package on the Management Server.
- Install this Hotfix package on the Security Gateways / each cluster member.
Note: If you are installing this release on Cluster Members or VPN Remote Access MEP members, you must make sure all members of a Cluster / MEP are the same. If you install this release on one Cluster / MEP member, you must do the same on all the members.
Follow the applicable installation procedure in sk168597.
Configurations
Step 1: Configure the Remote Access VPN
Note: Even if your Security Gateway is already configured to support Remote Access VPN, it is important to open the Security Gateway object and click OK to enable the SAML portal on the Security Gateway.
- Open the object of the applicable Security Gateway.
- On the General Properties page, enable the IPSec VPN Software Blade.
- From the left tree, click the IPSec VPN page.
- In the section This Security Gateway participates in the following VPN communities, click Add and select Remote Access Community.
- From the left tree, click VPN clients > Remote Access.
- Enable Support Visitor Mode.
- From the left tree, click VPN clients > Office Mode. (Optional)
- Select Allow Office Mode and select the applicable Office Mode Method. (Optional)
- From the left tree, click VPN Clients > SAML Portal Settings.
- Make sure the Main URL contains the fully qualified domain name of the gateway.
  - Note: This domain name should end with a DNS suffix registered by your organization. For example: gateway1.company.com
- Make sure the Certificate is trusted by the end users' browsers.
- Click OK.
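A pre-flight check for the SAML Portal Settings above, as an added example that is not part of the original documentation: it validates the Main URL rules (HTTPS, fully qualified name, organization DNS suffix) and then tests the certificate the way a client would. The URL path `/portal`, the suffix list and the function names are assumptions, and the system trust store of the machine running the script stands in for the end users' browsers.

```python
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit


def check_main_url(main_url, org_suffixes):
    """Return a list of problems with a SAML portal Main URL (empty list = OK)."""
    problems = []
    parts = urlsplit(main_url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not host:
        return problems + ["no host in URL"]
    try:
        ipaddress.ip_address(host)
        return problems + ["host is an IP address, not a domain name"]
    except ValueError:
        pass  # not an IP literal, continue with name checks
    if "." not in host:
        problems.append("host is a short name, not fully qualified")
    # Match on a label boundary so 'evilcompany.com' never passes for 'company.com'.
    if not any(host.endswith("." + s.lower().lstrip(".")) for s in org_suffixes):
        problems.append("host does not end with an organization DNS suffix")
    return problems


def check_certificate(main_url, timeout=5.0):
    """Validate chain and hostname against the system trust store. Returns (ok, detail)."""
    parts = urlsplit(main_url)
    host = parts.hostname
    ctx = ssl.create_default_context()  # CERT_REQUIRED with hostname checking
    try:
        with socket.create_connection((host, parts.port or 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, "valid until " + tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message
    except OSError as exc:
        return False, "connection failed: " + str(exc)


if __name__ == "__main__":
    url = "https://gateway1.company.com/portal"  # constructed sample value
    issues = check_main_url(url, ["company.com"])  # suffix list is an assumption
    print("Main URL:", "OK" if not issues else issues)
    if not issues:
        print("Certificate:", check_certificate(url))  # needs network access
```

Run it from a machine that uses the same trust store as your end users; a self-signed or internally issued gateway certificate that is not deployed to that store is reported by `check_certificate` as a verification failure.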
Step 2: Configure an Identity Provider object
Important – Do this step for each Security Gateway that participates in Remote Access VPN.
- Create a new Identity Provider object.
  - In SmartConsole R80.40 and higher:
    - New > More > Server > Identity Provider