https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/97539#M11029 <P>Thanks, is there a way to perform a push option without using the "Password,push"&nbsp;</P><P>I find it quite annoying and I would be happy to allow a seamless and cleaner user experience to our users&nbsp;</P> Fri, 25 Sep 2020 13:34:41 GMT Shahar_Grober 2020-09-25T13:34:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/87958#M11024 <P>My goal is to primary auth the user with LDAP then second auth with a duo push. Although the confusing part is there is RADIUS configuration required, even though I only want to use LDAP w/ Duo. Not sure I understand why but any configuration examples would be helpful!!&nbsp;</P><P>Here is mine today:</P><P>&nbsp;</P><P>[ad_client]<BR />host=1.2.3.4 (AD server IP)<BR />service_account_username=ad-admin<BR />service_account_password=ad-admin-password<BR />search_dn=DC=domain,DC=com<BR />security_group_dn="CN=Duo Checkpoint VPN,OU=Groups,DC=domain,DC=com"</P><P>[radius_server_auto]<BR />ikey=ikey_from_duo_console<BR />skey=skey_from_duo_console<BR />api_host=api-123456789.duosecurity.com<BR />radius_ip_1=checkpoint_gw1<BR />radius_ip_2=checkpoint_gw2<BR />radius_secret_1=secret1<BR />radius_secret_2=secret2<BR />client=ad_client<BR />port=1812<BR />failmode=secure</P><P>&nbsp;</P><P>I am seeing the firewall logs that the radius server is not responding, but I am guess that just means it cannot properly authenticate my account. I know network-wise the gateways can reach the Duo proxy server.&nbsp;</P> Wed, 10 Jun 2020 18:16:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/87958#M11024 Tim_McColgan 2020-06-10T18:16:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/88474#M11025 Have you followed the guide Duo has for this? <A href="https://duo.com/docs/checkpoint" target="_blank">https://duo.com/docs/checkpoint</A> Sun, 14 Jun 2020 07:52:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/88474#M11025 PhoneBoy 2020-06-14T07:52:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/91478#M11026 <P>I did, after a few tweaks I am up and working. Crazy enough, my fix was to remove the double quotes from the security dn.&nbsp;</P><P>&nbsp;</P><P>security_group_dn=CN=Duo Checkpoint VPN,OU=Groups,DC=domain,DC=com</P> Tue, 14 Jul 2020 13:46:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/91478#M11026 Tim_McColgan 2020-07-14T13:46:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/97530#M11027 <P>Hi Tim,</P><P>&nbsp;</P><P>did you manage to get the Duo work with Push instead of OTP?</P> Fri, 25 Sep 2020 10:29:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/97530#M11027 Shahar_Grober 2020-09-25T10:29:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/97538#M11028 Yes! Fri, 25 Sep 2020 13:26:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/97538#M11028 Tim_McColgan 2020-09-25T13:26:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/97539#M11029 <P>Thanks, is there a way to perform a push option without using the "Password,push"&nbsp;</P><P>I find it quite annoying and I would be happy to allow a seamless and cleaner user experience to our users&nbsp;</P> Fri, 25 Sep 2020 13:34:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/97539#M11029 Shahar_Grober 2020-09-25T13:34:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/97543#M11030 <P>Yes, in the [radius_server_auto] portion of your&nbsp;authproxy.cfg file you would just add this:&nbsp;<BR /><BR />factors = push</P><P>&nbsp;</P><P>You can add many factors to it, but I prefer and only use push.&nbsp;</P> Fri, 25 Sep 2020 14:07:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Duo-setup-with-VPN-remote-access/m-p/97543#M11030 Tim_McColgan 2020-09-25T14:07:14Z