<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Serveral question about Identity Awareness in VPN in SASE and Remote Access</title>
    <link>https://community.checkpoint.com/t5/SASE-and-Remote-Access/Serveral-question-about-Identity-Awareness-in-VPN/m-p/36372#M13877</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi all,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;1. Identity Awareness VPN: when client dail to gw, which will authenticate with AD? GW or SMC? Or GW cached authentication message in local?&lt;BR /&gt;2. How to config two-factor authentication in VPN? If I want to config another factor is OTP in Mobile access VPN, CP only support RSA?&lt;BR /&gt;3. Can we config two-factor authentication only in Radius server?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Best Regards!&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Mon, 19 Mar 2018 03:05:11 GMT</pubDate>
    <dc:creator>Herschel_Liang</dc:creator>
    <dc:date>2018-03-19T03:05:11Z</dc:date>
    <item>
      <title>Serveral question about Identity Awareness in VPN</title>
      <link>https://community.checkpoint.com/t5/SASE-and-Remote-Access/Serveral-question-about-Identity-Awareness-in-VPN/m-p/36372#M13877</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi all,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;1. Identity Awareness VPN: when client dail to gw, which will authenticate with AD? GW or SMC? Or GW cached authentication message in local?&lt;BR /&gt;2. How to config two-factor authentication in VPN? If I want to config another factor is OTP in Mobile access VPN, CP only support RSA?&lt;BR /&gt;3. Can we config two-factor authentication only in Radius server?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Best Regards!&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 19 Mar 2018 03:05:11 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/SASE-and-Remote-Access/Serveral-question-about-Identity-Awareness-in-VPN/m-p/36372#M13877</guid>
      <dc:creator>Herschel_Liang</dc:creator>
      <dc:date>2018-03-19T03:05:11Z</dc:date>
    </item>
    <item>
      <title>Re: Serveral question about Identity Awareness in VPN</title>
      <link>https://community.checkpoint.com/t5/SASE-and-Remote-Access/Serveral-question-about-Identity-Awareness-in-VPN/m-p/36373#M13878</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;In general, if you want to configure multi-factor authentication, RADIUS is the mechanism to do it.&lt;/P&gt;&lt;P&gt;Legacy SecurID is also supported, but even SecurID uses RADIUS these days.&lt;/P&gt;&lt;P&gt;The authentication occurs between the gateway and the&amp;nbsp;RADIUS (or SecurID) server.&lt;/P&gt;&lt;P&gt;If you want to require multiple authentication schemes (e.g. Certificates plus Password, be it with RADIUS or whatever), then refer to:&amp;nbsp;&lt;A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;amp;solutionid=sk86240&amp;amp;partition=Advanced&amp;amp;product=Mobile" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;amp;solutionid=sk86240&amp;amp;partition=Advanced&amp;amp;product=Mobile"&gt;Multiple Authentication Schemes for Mobile Access / Remote Access&lt;/A&gt;&amp;nbsp;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 19 Mar 2018 23:34:33 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/SASE-and-Remote-Access/Serveral-question-about-Identity-Awareness-in-VPN/m-p/36373#M13878</guid>
      <dc:creator>PhoneBoy</dc:creator>
      <dc:date>2018-03-19T23:34:33Z</dc:date>
    </item>
    <item>
      <title>Re: Serveral question about Identity Awareness in VPN</title>
      <link>https://community.checkpoint.com/t5/SASE-and-Remote-Access/Serveral-question-about-Identity-Awareness-in-VPN/m-p/36374#M13879</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;We want to use two-fator authentication in our production enviroment, mobile access vpn and Endpoint Security VPN. Which combinations need client license? THX!&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 20 Mar 2018 10:03:42 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/SASE-and-Remote-Access/Serveral-question-about-Identity-Awareness-in-VPN/m-p/36374#M13879</guid>
      <dc:creator>Herschel_Liang</dc:creator>
      <dc:date>2018-03-20T10:03:42Z</dc:date>
    </item>
    <item>
      <title>Re: Serveral question about Identity Awareness in VPN</title>
      <link>https://community.checkpoint.com/t5/SASE-and-Remote-Access/Serveral-question-about-Identity-Awareness-in-VPN/m-p/36375#M13880</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Mobile Access VPN uses Mobile Access licenses, which are based on concurrent users connected to gateway.&lt;/P&gt;&lt;P&gt;Endpoint Security VPN requires Endpoint Licenses, which are based on number of hosts installed.&lt;/P&gt;&lt;P&gt;The authentication you use isn't relevant to the above.&amp;nbsp;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 20 Mar 2018 14:21:48 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/SASE-and-Remote-Access/Serveral-question-about-Identity-Awareness-in-VPN/m-p/36375#M13880</guid>
      <dc:creator>PhoneBoy</dc:creator>
      <dc:date>2018-03-20T14:21:48Z</dc:date>
    </item>
    <item>
      <title>Re: Serveral question about Identity Awareness in VPN</title>
      <link>https://community.checkpoint.com/t5/SASE-and-Remote-Access/Serveral-question-about-Identity-Awareness-in-VPN/m-p/36376#M13881</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;OK, THX! Another about IA+VPN question, CP cooperate with Radius server(cooperate with LDAP+OTP), we want to input&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;username: LDAP username&lt;/P&gt;&lt;P&gt;PSW： &amp;nbsp; &amp;nbsp; &amp;nbsp;LDAPpsw+OTP &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp;in VPN authentication login.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="color: #2e3033; background-color: #f9fbfc; font-weight: 200; font-size: 13px;"&gt;Can it come true in CP?&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 22 Mar 2018 02:29:57 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/SASE-and-Remote-Access/Serveral-question-about-Identity-Awareness-in-VPN/m-p/36376#M13881</guid>
      <dc:creator>Herschel_Liang</dc:creator>
      <dc:date>2018-03-22T02:29:57Z</dc:date>
    </item>
    <item>
      <title>Re: Serveral question about Identity Awareness in VPN</title>
      <link>https://community.checkpoint.com/t5/SASE-and-Remote-Access/Serveral-question-about-Identity-Awareness-in-VPN/m-p/36377#M13882</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P class=""&gt;The SK I linked in my original response explains how the VPN client supports multiple authentication schemes (specifically how to require more than one).&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 22 Mar 2018 04:13:06 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/SASE-and-Remote-Access/Serveral-question-about-Identity-Awareness-in-VPN/m-p/36377#M13882</guid>
      <dc:creator>PhoneBoy</dc:creator>
      <dc:date>2018-03-22T04:13:06Z</dc:date>
    </item>
  </channel>
</rss>

