Re: [FW-1] securemote auto-logon with certificate?

Subject:	Re: [FW-1] securemote auto-logon with certificate?
From:	fwguru <fwguru AT GMAIL DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Wed, 27 Apr 2005 16:47:19 -0400

Sounds like an ideal situation for SSL Network Extender (SNX).  Use
the self-registration process to create certs for auth, import the
cert into user's IE, create an IE shorcut that points to the VPN
Gateway (HTTPS), and certificate authentication is passed-through
without prompting for credentials.  It works with OfficeMode too.
Also, no fussing with vpn client software.

I would not recommend this for laptop users without an eToken or
something that will store the cert off of the hard disk.


-fwguru



On 4/26/05, Sascha Picchiantano <s.pic AT espique DOT de> wrote:
> Hi,
>
> my customer wants to have a client pc for "dummies", those you can't
> explain how to start a vpn client and enter a password to connect. is
> there a way to have securemote automatically log into the firewall
> without the need for client input? I was thinking about putting a
> certificate on a usb stick and combine that with the autologon feature.
>
> any thoughts on this?
>
> thanks,
> sascha
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] securemote auto-logon with certificate?, Sascha Picchiantano Re: [FW-1] securemote auto-logon with certificate?, fwguru <=

Previous by Date:	Re: [FW-1] Routing entries not showing up in routing table, Hill, Lindsay, VF-NZ
Next by Date:	Re: [FW-1] Dual ISP Firewall Design Question, John Sims
Previous by Thread:	[FW-1] securemote auto-logon with certificate?, Sascha Picchiantano
Next by Thread:	[FW-1] WG: Smart Update Error: Not enough Diskspace, Henning Schlage
Indexes:	[Date] [Thread] [Top] [All Lists]