https://community.checkpoint.com/t5/SASE-and-Remote-Access/Pros-and-Cons-of-different-2fa-methods-for-Remote-Access-VPN/m-p/15987#M12971 <HTML><HEAD></HEAD><BODY><P>Where is the thread below you want feedback to ? Besides, SNX and RA VPN client are two very different RA solutions, see for differences&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk67820&amp;partition=General&amp;product=Endpoint">sk67820: Check Point <STRONG>Remote</STRONG> <STRONG>Access</STRONG> Solutions</A>&nbsp;!</P></BODY></HTML> Wed, 14 Nov 2018 09:00:07 GMT G_W_Albrecht 2018-11-14T09:00:07Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Pros-and-Cons-of-different-2fa-methods-for-Remote-Access-VPN/m-p/15986#M12970 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>I need your feedback about the below thread.</P><P>Pros and Cons of different 2fa methods for Remote Access VPN for R80.20.</P><P>Option1</P><P>User Certificate+Domain username password with SNX</P><P>Option2</P><P>Domain username password + DynamicID (E-mail method) or SecureID with Remote Access VPN client</P><P></P><P>BR,<BR />Kostas</P></BODY></HTML> Tue, 13 Nov 2018 16:45:22 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Pros-and-Cons-of-different-2fa-methods-for-Remote-Access-VPN/m-p/15986#M12970 Konstantinos_In 2018-11-13T16:45:22Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Pros-and-Cons-of-different-2fa-methods-for-Remote-Access-VPN/m-p/15987#M12971 <HTML><HEAD></HEAD><BODY><P>Where is the thread below you want feedback to ? Besides, SNX and RA VPN client are two very different RA solutions, see for differences&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk67820&amp;partition=General&amp;product=Endpoint">sk67820: Check Point <STRONG>Remote</STRONG> <STRONG>Access</STRONG> Solutions</A>&nbsp;!</P></BODY></HTML> Wed, 14 Nov 2018 09:00:07 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Pros-and-Cons-of-different-2fa-methods-for-Remote-Access-VPN/m-p/15987#M12971 G_W_Albrecht 2018-11-14T09:00:07Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Pros-and-Cons-of-different-2fa-methods-for-Remote-Access-VPN/m-p/15988#M12972 <HTML><HEAD></HEAD><BODY><P>Hello </P><P></P><P>It would be interesting to compare 2FA between SNX and Remote Access VPN with client.</P><P></P><P>BR,</P><P>Kostas</P></BODY></HTML> Thu, 15 Nov 2018 08:08:03 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Pros-and-Cons-of-different-2fa-methods-for-Remote-Access-VPN/m-p/15988#M12972 Konstantinos_In 2018-11-15T08:08:03Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Pros-and-Cons-of-different-2fa-methods-for-Remote-Access-VPN/m-p/15989#M12973 <HTML><HEAD></HEAD><BODY><P>It would be more interesting to compare the customers needs to SNX and RA VPN capabilities, as 2FA is supported by both...</P></BODY></HTML> Thu, 15 Nov 2018 11:34:51 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Pros-and-Cons-of-different-2fa-methods-for-Remote-Access-VPN/m-p/15989#M12973 G_W_Albrecht 2018-11-15T11:34:51Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Pros-and-Cons-of-different-2fa-methods-for-Remote-Access-VPN/m-p/15990#M12974 <HTML><HEAD></HEAD><BODY><P>Hello Gunther</P><P></P><P>The needs are</P><P>1)only corporate laptop joined on the domain must be able to connect</P><P>2)most secure multifactor combination</P><P>3)less user disruption</P><P>4)end users are not administrators on their laptops</P><P>5)network vpn access must be the same when laptops are connected on the internal Network&nbsp;</P><P></P><P>Thank you&nbsp;</P><P>Kostas</P></BODY></HTML> Thu, 22 Nov 2018 19:46:14 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Pros-and-Cons-of-different-2fa-methods-for-Remote-Access-VPN/m-p/15990#M12974 Konstantinos_In 2018-11-22T19:46:14Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Pros-and-Cons-of-different-2fa-methods-for-Remote-Access-VPN/m-p/15991#M12975 <HTML><HEAD></HEAD><BODY><P>RA VPN client with Check Point VPN client certificate and AD account/PW (with cache) is a sure thing to work properly, this will also work when you need to use secondary connect.</P><P></P><P>Tokens as 2fa will never work with secondary connect as there is nothing to be able to cache and you will get a challenge for each other GW the secondary connect tries to contact. We had a case were there were multiple AD servers scattered throughout the network and the client was connecting to all 8 of them, asking the user 8 times for a challenge...</P></BODY></HTML> Thu, 22 Nov 2018 22:23:14 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Pros-and-Cons-of-different-2fa-methods-for-Remote-Access-VPN/m-p/15991#M12975 Maarten_Sjouw 2018-11-22T22:23:14Z