VPN 2FA SMS Authentication via GSM Provider API - Parameter Matching Issue

Madmaks — Wed, 15 Jan 2025 11:33:35 GMT

Hello,

We are currently using Check Point R81.20 for VPN access, and we are performing primary authentication with username and password. However, we would like to implement secondary authentication via SMS using SMS Provider API. (Provider Name NetGSM)

Our issue involves the mismatch of parameter names between Check Point’s intended API request and the parameters expected by Netgsm. The two systems require different parameter names, and we need to ensure they match correctly.

Details:

Check Point API URL Format:
Check Point intends to use the following URL format for SMS authentication
https://api.example.com/http/sendmsg?api_id=$APIID&user=$USERNAME&password=$PASSWORD&to=$PHONE&text=$MESSAGE
The parameters used in this URL are:
- api_id=$APIID: API ID.
- user=$USERNAME: API username.
- password=$PASSWORD: API password.
- to=$PHONE: Phone number to send the SMS to.
- text=$MESSAGE: The message body to send (e.g., the OTP code)
Netgsm (sms Provider) API URL Format:
Netgsm’s API expects the following URL format:
https://api.netgsm.com.tr/sms/send/otp?usercode=$USERCODE&password=$PASSWORD&msgheader=$MSGHEADER&msg=$MESSAGE&no=$PHONE
The parameters in Netgsm's API are:
- usercode=$USERCODE: Netgsm API username.
- password=$PASSWORD: Netgsm API password.
- msgheader=$MSGHEADER: Message header (optional).
- msg=$MESSAGE: The message body to send (e.g., the OTP code).
- no=$PHONE: Phone number to send the SMS to.

Issue:

The parameter to=$PHONE used by Check Point in its API request is mismatched with no=$PHONE in Netgsm's API. Additionally, other parameters such as username, password, and message content are also named differently. This mismatch prevents the systems from correctly processing the SMS request.

The SMS provider, Netgsm, has stated that they cannot modify their format, and we are required to comply with their format.

Re: VPN 2FA SMS Authentication via GSM Provider API - Parameter Matching Issue

G_W_Albrecht — Wed, 15 Jan 2025 12:28:00 GMT

Afaik the values for e.g. Phone number are sent, not the parameter names !

Re: VPN 2FA SMS Authentication via GSM Provider API - Parameter Matching Issue

Madmaks — Wed, 15 Jan 2025 12:34:17 GMT

Hello,

Thank you for your response.

Yes, the phone number is being sent, but the issue is that Check Point expects the phone number to be sent as to=$PHONE, while the SMS provider (Netgsm) expects it to be in the format of no=$PHONE.

We need to map the phone number correctly from to=$PHONE in Check Point to no=$PHONE in the Netgsm API.

Thank you.

topic Re: VPN 2FA SMS Authentication via GSM Provider API - Parameter Matching Issue in Firewall and Security Management

VPN 2FA SMS Authentication via GSM Provider API - Parameter Matching Issue

Details:

Issue:

Re: VPN 2FA SMS Authentication via GSM Provider API - Parameter Matching Issue

Re: VPN 2FA SMS Authentication via GSM Provider API - Parameter Matching Issue