topic Re: OTP (with sms) for Remote VPN in Firewall and Security Management

OTP (with sms) for Remote VPN

Madmaks — Thu, 12 Dec 2024 18:58:13 GMT

Hi,

I want to configure 2FA (OTP with sms) for Remote VPN.

We are using Endpoint 88.32. And we have sms provider.

I need SK or document for this configuration. Yes I found some of documents but i am not sure it is correct or not. Please help me about this subject.

Regards

R81.20 and Take 90

OTP (with sms) for Remote VPN

CheckMatesAI — Thu, 12 Dec 2024 19:26:01 GMT

This answer is provided by Infinity AI Copilot and should be confirmed by reviewing official documentation in Support Center.

To configure 2FA (OTP with SMS) for Remote VPN using Check Point R81.20 and Endpoint 88.32, you can follow these steps:

Enable Two-Factor Authentication:
- In SmartConsole, go to Security Policies > Shared Policies > Mobile Access and open the Mobile Access Policy in SmartDashboard.
- Navigate to the Authentication section.
- Check the option to require users to confirm their identity using Two-Factor Authentication.
Configure DynamicID Settings:
- In the Dynamic ID Settings section, click Edit.
- Enter the necessary details for your SMS provider, such as the API ID, username, password, and the message format.
- Example URL format for SMS:
```
https://api.example.com/http/sendmsg?api_id=$APIID&user=$USERNAME&password=$PASSWORD&to=$PHONE&text=$MESSAGE 
```
- Ensure that the phone numbers for users are correctly configured in the system, including the country code.
Install the Policy:
- After configuring the settings, save the changes and install the policy to apply the configuration.

For more detailed instructions, you can refer to the R81.20 Mobile Access Administration Guide.

If you have any specific questions or need further assistance, feel free to ask!

Re: OTP (with sms) for Remote VPN

AkosBakos — Fri, 13 Dec 2024 11:26:01 GMT

Hi @Madmaks

Who will provide the second factor? A simple SMS gateway is not enough for this. There is no built is feature for this service.

Solutions:

Microsoft MFA
RSA Authentication Manager
FortiAuthenticator

Can be a good choise.

Do you know any of them?

Akos

Re: OTP (with sms) for Remote VPN

Madmaks — Fri, 13 Dec 2024 20:18:50 GMT

Hi @AkosBakos

We have sms provider s it is not gatewal. They are giving API for OTP.

By the way, checkpoint has native feature for sms OTP. You can reach it under the Multi Login as you can see below.

And for your suggestion solutions I think we will need radius server rigt?

Re: OTP (with sms) for Remote VPN

AkosBakos — Fri, 13 Dec 2024 20:29:14 GMT

Hi,

I confess for you, I never use this feature earlier. So sorry about the not accurate info.

Do a comparsion what are the weaknesses of the simple SMS.

Nowadays the Microsoft MFA is the trend.

Re: OTP (with sms) for Remote VPN

Madmaks — Fri, 13 Dec 2024 20:32:44 GMT

@AkosBakos Thank you for your interesting.

Do you have any advise documentation or SK for Microsoft MFA?

BTW we are using Active Directory 2008 and DC is Windows 2008. Olsa we are using office 365 (there is no any on-prime exchange)

What we need for microsoft MFA?

Re: OTP (with sms) for Remote VPN

AkosBakos — Fri, 13 Dec 2024 21:02:37 GMT

Hi,

Win 2008 is not supported. First upgrade it!

second:

check this

https://support.checkpoint.com/results/sk/sk172909

Re: OTP (with sms) for Remote VPN

Madmaks — Fri, 13 Dec 2024 21:38:40 GMT

Actually I don't want use SAML, just planing use OTP (microsoft authenticator) for second password

Re: OTP (with sms) for Remote VPN

Madmaks — Fri, 13 Dec 2024 22:11:20 GMT

I will try solution under this link even old document

https://community.checkpoint.com/t5/Remote-Access-VPN/Check-Point-EndPoint-Security-VPN-with-Azure-AD-and-Microsoft/m-p/81473#M3104

Re: OTP (with sms) for Remote VPN

Madmaks — Fri, 13 Dec 2024 23:03:36 GMT

Microsoft stopped offering MFA Server on July 1, 2019.

Re: OTP (with sms) for Remote VPN

AkosBakos — Sun, 15 Dec 2024 11:16:26 GMT

What? Are you kidding, are you?

https://www.microsoft.com/en-ca/security/business/identity-access/microsoft-entra-mfa-multi-factor-authentication

A lot of company uses for MFA, out company too.

Re: OTP (with sms) for Remote VPN

Madmaks — Mon, 16 Dec 2024 09:27:34 GMT

https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfaserver-dir-radius