topic Enabling SecureID Authentication on MobileAccess in SASE and Remote Access https://community.checkpoint.com/t5/SASE-and-Remote-Access/Enabling-SecureID-Authentication-on-MobileAccess/m-p/148787#M6801 <P>Hi,</P><P>on a&nbsp; ClusterXL Installation with R81 HF65 we want to use SecureID Authentication with SoftTokens on Mobile-Access / VPN-RAS.</P><P>The AM-Server ist setup and a SoftToken-Test from an iPhone is succesful.</P><P>We use the UDP-Agent Variant (no Radius).</P><P>The Authentication-Agent File sdconf.rec is distributed to both Gateways.</P><P>However the Gateways never send one Paket to the AM-Server on Authentication through the VPN-Portal.</P><P>The ACE-Server is correctly defined under Servers.</P><P>DNS-Resolution is ok from IP to FQDN and vice versa.</P><P>The correct Atuhentication Profile is shown in the VPN-Portal.</P><P>The LOG-Viewer only says:&nbsp;</P><P>Category: Session<BR />Event Type: Login<BR />Name: Mobile Access Portal<BR />Version: R81<BR />User: xxxxxxxxxx@domain.com<BR />Authentication Method: SecurID<BR />Login Option: New Login Option with Token<BR />Failed Login Factor Number:1<BR />OS Name: Windows<BR />OS Version: 10.0<BR />Browser: Edge Chromium<BR />Re-authentication every:<BR />Login Timestamp: 2022-05-17T10:06:55Z<BR />Source Country: Germany<BR />Source: xxx.xxx.xxx.xxx<BR />Source Port: 59913<BR />IP Protocol: 6<BR />Destination Port: 443<BR />Data Protocol: SSL<BR /><STRONG>Status: Failure</STRONG><BR /><STRONG>Reason: Unknown user</STRONG><BR />Suppressed Logs: 0<BR />Mobile Access Session UID: 628373BF-0001-...<BR /><STRONG>Action: Failed Log In</STRONG><BR />Type: Log<BR />Blade: Mobile Access<BR />Service: TCP/443<BR />Product Family: Access<BR />Marker: @A@@B@1652738400@C@1340235<BR />Log Server Origin: 10.241.0.2<BR />Origin Log Server IP: 10.241.0.2<BR />Index Time: 2022-05-17T10:06:55Z<BR />Lastupdatetime: 1652782015000<BR />Lastupdateseqnum: 28<BR />Severity: Informational<BR />Confidence Level: N/A<BR />Stored: true<BR />OS: Windows 10.0<BR />Login Option Factors: SecurID</P><P>&nbsp;</P><P>The only thing I have not done yet is to do a CPStop/CPStart on the Gateways after defining the SecureID-Server and pushing the Policy.</P><P>Is this a mandatory Step? I did not find anything about that.</P><P>&nbsp;</P><P>Thank you</P><P>Joachim Brandt</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 17 May 2022 10:18:51 GMT JoBr 2022-05-17T10:18:51Z Enabling SecureID Authentication on MobileAccess https://community.checkpoint.com/t5/SASE-and-Remote-Access/Enabling-SecureID-Authentication-on-MobileAccess/m-p/148787#M6801 <P>Hi,</P><P>on a&nbsp; ClusterXL Installation with R81 HF65 we want to use SecureID Authentication with SoftTokens on Mobile-Access / VPN-RAS.</P><P>The AM-Server ist setup and a SoftToken-Test from an iPhone is succesful.</P><P>We use the UDP-Agent Variant (no Radius).</P><P>The Authentication-Agent File sdconf.rec is distributed to both Gateways.</P><P>However the Gateways never send one Paket to the AM-Server on Authentication through the VPN-Portal.</P><P>The ACE-Server is correctly defined under Servers.</P><P>DNS-Resolution is ok from IP to FQDN and vice versa.</P><P>The correct Atuhentication Profile is shown in the VPN-Portal.</P><P>The LOG-Viewer only says:&nbsp;</P><P>Category: Session<BR />Event Type: Login<BR />Name: Mobile Access Portal<BR />Version: R81<BR />User: xxxxxxxxxx@domain.com<BR />Authentication Method: SecurID<BR />Login Option: New Login Option with Token<BR />Failed Login Factor Number:1<BR />OS Name: Windows<BR />OS Version: 10.0<BR />Browser: Edge Chromium<BR />Re-authentication every:<BR />Login Timestamp: 2022-05-17T10:06:55Z<BR />Source Country: Germany<BR />Source: xxx.xxx.xxx.xxx<BR />Source Port: 59913<BR />IP Protocol: 6<BR />Destination Port: 443<BR />Data Protocol: SSL<BR /><STRONG>Status: Failure</STRONG><BR /><STRONG>Reason: Unknown user</STRONG><BR />Suppressed Logs: 0<BR />Mobile Access Session UID: 628373BF-0001-...<BR /><STRONG>Action: Failed Log In</STRONG><BR />Type: Log<BR />Blade: Mobile Access<BR />Service: TCP/443<BR />Product Family: Access<BR />Marker: @A@@B@1652738400@C@1340235<BR />Log Server Origin: 10.241.0.2<BR />Origin Log Server IP: 10.241.0.2<BR />Index Time: 2022-05-17T10:06:55Z<BR />Lastupdatetime: 1652782015000<BR />Lastupdateseqnum: 28<BR />Severity: Informational<BR />Confidence Level: N/A<BR />Stored: true<BR />OS: Windows 10.0<BR />Login Option Factors: SecurID</P><P>&nbsp;</P><P>The only thing I have not done yet is to do a CPStop/CPStart on the Gateways after defining the SecureID-Server and pushing the Policy.</P><P>Is this a mandatory Step? I did not find anything about that.</P><P>&nbsp;</P><P>Thank you</P><P>Joachim Brandt</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 17 May 2022 10:18:51 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Enabling-SecureID-Authentication-on-MobileAccess/m-p/148787#M6801 JoBr 2022-05-17T10:18:51Z