topic Re: 2FA: Username/Password + Certificate for SNX Users in SASE and Remote Access

2FA: Username/Password + Certificate for SNX Users

CheckPointerXL — Wed, 08 Sep 2021 08:18:16 GMT

Hi all,

our customer wanna improve 2FA authentication for his users connected from SNX.

Is this possible?

Following sk86240 it seems possible, but i'm not sure if that's possible through GuiDBedit Tool like described.

Thank you

Re: 2FA: Username/Password + Certificate for SNX Users

G_W_Albrecht — Wed, 08 Sep 2021 09:27:13 GMT

Please note that sk86240 is outdated as the most recent supported version in R77.30 ! This depends - Legacy SNX (no Mobile Access Portal / Blade enabled) can not use 2FA, see sk111583: Mobile Access and VPN clients supporting Multiple Login Options and Mobile Access R80.10 Administration Guide

Re: 2FA: Username/Password + Certificate for SNX Users

CheckPointerXL — Wed, 08 Sep 2021 09:55:22 GMT

Thank you for the reply Albrecht

MAB is enabled, what is not clear to me is: Certificate+Username/passwd means AND or OR ?

last question, is possible to set a maximum number of login attempts in case only Username/Passwd is enabled?

thanks!

Re: 2FA: Username/Password + Certificate for SNX Users

CheckPointerXL — Wed, 08 Sep 2021 16:40:00 GMT

TAC answered me about second question:

There's not currently a built in feature to reject connections after a certain number of failed login attempts for local users. However, if you're using LDAP users this can be configured on the Active Directory to lock the account after a certain number of failed attempts. Please let us know if you have any more questions or concerns regarding this issue.

hope this helps

Re: 2FA: Username/Password + Certificate for SNX Users

G_W_Albrecht — Thu, 09 Sep 2021 06:57:58 GMT

Means AND - 2FA.