
My client company just modified their Checkpoint VPN to integrate with ISAM Passport.

This ruins things for all of us Linux users, since we cannot connect via snx anymore. Could someone please help us connect to Checkpoint VPN with Passport using snx?

We don't want to move to Windows OS, and we also can't move to Mac since it is too expensive. :(

Any help would be very much appreciated. Thank you.

Here is the screenshot of the Checkpoint VPN client in Windows OS. It uses Passport, which makes snx not work anymore.

Jacky Supit

1 Answer


I have the same problem as you. I used to connect to CheckPoint VPN using snx inside Docker, but that is now useless due to the Passport integration. So far I also haven't found a solution (using snx).

But here is what I did to resolve the issue.

  • Running a Linux server with a GUI environment, I installed Windows OS in a KVM virtual machine
  • Install the latest version of the CheckPoint app and configure it to use the Passport authentication method
  • Install an SSH client inside Windows and create a batch file to:
    • detect whether the VPN has been established
    • use Task Scheduler to run SSH to create port forwarding between the Windows localhost and the remote server whenever the VPN is up
  • Configure the Windows firewall to allow the port to be accessed from the Linux host (or you can disable the Windows firewall completely)
  • And finally, configure port forwarding (iptables, using Webmin) on the Linux host to allow other (Linux) users in the same network as the Linux server to access the remote node via the Windows VM

It looks complicated, but it works. There is no need for individual Linux users to connect to CheckPoint themselves. You just need a dedicated (Linux) server running a Windows VM (or a Windows PC is also OK, I think) to connect to the CheckPoint VPN, and the other Linux users just need to use it as the gateway (using the port forwarding).

Hope this can solve your issue. There is no need to migrate all Linux users to Windows or Mac, but you still need to put in the budget and effort to prepare such a gateway. It's up to you which one is cheaper and more efficient.

swippy
  • Thank you, that sounds like a very big gun to kill my problem :) But I do appreciate it. Unfortunately I use it to work alone at home, not for a full team, so building a new computer to work as a gateway would be another problem for me. Anyway, thank you for sharing your thoughts, I might use it someday. – Jacky Supit Sep 03 '21 at 02:08
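
For the last step of the answer above (port forwarding on the Linux host), here is an added example that is not part of the original posts: a shell function that prints iptables rules forwarding one TCP port to the Windows VM, scoped to a single source subnet instead of being open to everyone. The interface name, subnet, VM address and ports are assumed placeholders, and it assumes the VM already exposes the SSH-forwarded port on its bridge address.

```shell
#!/bin/sh
# Added example (not from the original answer). All values are assumed
# placeholders; override them through the environment for your own network.
LAN_IF="${LAN_IF:-eth0}"              # assumed: host NIC facing the Linux users
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed: only subnet allowed to use the forward
VM_IP="${VM_IP:-192.168.122.10}"      # assumed: Windows VM address on the KVM bridge

# valid_port N: succeed only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules HOST_PORT VM_PORT: print the rules for review; returns 1 on bad input.
# Nothing is applied here, so the output can be inspected before it is run.
gen_rules() {
    valid_port "$1" && valid_port "$2" || { echo "invalid port" >&2; return 1; }
    # Rewrite LAN traffic arriving on HOST_PORT so it goes to the VM.
    # Matching on interface and source keeps the forward closed to other networks.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport $1 -j DNAT --to-destination $VM_IP:$2"
    # Permit only this flow and its replies. -I puts the rules ahead of any
    # existing FORWARD rules (e.g. a hypervisor's default reject for guests).
    echo "iptables -I FORWARD 1 -s $LAN_NET -d $VM_IP -p tcp --dport $2 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -I FORWARD 1 -s $VM_IP -d $LAN_NET -p tcp --sport $2 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}
# IP forwarding must also be enabled on the host (sysctl net.ipv4.ip_forward=1).
```

Call `gen_rules 8443 8443` to review the output, then run the printed commands as root. The same scoping idea applies on the Windows side: a firewall rule that allows only the Linux host to reach the port is narrower than disabling the firewall.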