topic Re: central managed SMB Appliance 1900 and Azure Entra ID for RAS VPN in SASE and Remote Access

central managed SMB Appliance 1900 and Azure Entra ID for RAS VPN

Exonix — Fri, 18 Jul 2025 11:41:25 GMT

Hello,

we have central managed SMB Appliance 1900 R81.10.17 and I try to configure Azure Entra ID for RAS VPN
During the policy installation, I received an error message:

VPN Clients -> Authentication -> Multiple Authentication Clients Settings section cannot contain Multiple Login Option object (Azure_Entra_ID) that uses an Identity Provider as an authentication method. R81.10 and below Gateways are not supported with Identity Providers for VPN Clients Authentication. Please refer to sk172909

One official source says that SMBs do not support Entra ID at all:

Quantum Spark Appliances with Gaia Embedded OS are not supported.

But the SK indicated in the error says that it is possible under certain conditions:

For Quantum Spark Appliances (Gaia Embedded) R81.10.15 Firmware (R81.20 Management server required)

Did I understand correctly that you can enable Entra ID support using a script?

5. Script to Add SAML Note, for Quantum Spark Appliances (Gaia Embedded) devices, you may be required to re-run the script on the Management Server.

If yes, will it break the current LDAP authentication on the other gateway because the script runs on the management server? It's really very important to me.

Thank you in advance!

Re: central managed SMB Appliance 1900 and Azure Entra ID for RAS VPN

Chris_Atkinson — Fri, 18 Jul 2025 12:17:38 GMT

Per sk178604 did you change the default port for remote access?

Which Management Versions & Jumbo take?

Re: central managed SMB Appliance 1900 and Azure Entra ID for RAS VPN

Exonix — Fri, 18 Jul 2025 11:57:48 GMT

No, I can't even begin authentication because I can't apply the new policy changes and enable it. At the same time, I can see Azure users in the management Server

Re: central managed SMB Appliance 1900 and Azure Entra ID for RAS VPN

Chris_Atkinson — Fri, 18 Jul 2025 12:30:03 GMT

Did you follow this process or something else?

https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Centrally_Managed/EN/Content/Topics/Configuring-SAML-Identity-Provider-Centrally-Managed.htm?Highlight=SAML

Re: central managed SMB Appliance 1900 and Azure Entra ID for RAS VPN

PhoneBoy — Tue, 22 Jul 2025 13:12:30 GMT

It should not break anything with LDAP.

Re: central managed SMB Appliance 1900 and Azure Entra ID for RAS VPN

Exonix — Mon, 28 Jul 2025 14:08:56 GMT

thanks, it works!