https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225423#M11326 <P>When support has expired it is not an option.<BR />Currently getting prices to get support again.</P> Tue, 03 Sep 2024 09:11:15 GMT toha 2024-09-03T09:11:15Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225105#M11293 <P>Users are unable to login to VPN with Radius with Azure MFA extension installed. Users receive 3 text messages but are not able to type in the numbers. Users are prompted with "Access denied - wrong username and password"</P><P>We use&nbsp;<SPAN>Quantum Spark 1570 Appliance and Check Point VPN client.</SPAN></P><P><SPAN>If I disable MFA extension users are also prompted with&nbsp;"Access denied - wrong username and password"</SPAN></P> Fri, 30 Aug 2024 09:23:48 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225105#M11293 toha 2024-08-30T09:23:48Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225114#M11294 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/91817">@toha</a>&nbsp;</P> <P>This auth method ever worked before?</P> <P>Akos</P> Fri, 30 Aug 2024 11:20:00 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225114#M11294 AkosBakos 2024-08-30T11:20:00Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225117#M11295 <P>Is the appliance locally or centrally managed and which firmware version/build is used?</P> Fri, 30 Aug 2024 11:30:10 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225117#M11295 Chris_Atkinson 2024-08-30T11:30:10Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225129#M11297 <P>Agree with the questions guys asked, we need bit more details.</P> <P>Andy</P> Fri, 30 Aug 2024 12:53:22 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225129#M11297 the_rock 2024-08-30T12:53:22Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225160#M11299 <P>Most likely it is because of the mitigations related to BLAST RADIUS:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk182516" target="_blank">https://support.checkpoint.com/results/sk/sk182516</A>&nbsp;<BR />To the best of my knowledge, we have not implemented&nbsp;<SPAN>RADIUS Message-Authentication on the Check Point side, at least outside of the context of a specific fix from TAC.<BR /></SPAN>Please open a TAC case: <A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A>&nbsp;</P> Fri, 30 Aug 2024 17:24:48 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225160#M11299 PhoneBoy 2024-08-30T17:24:48Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225414#M11324 <P>Hi guys</P><P>Sorry for the lack of details in my question, I was pushed from all directions to get this issue resolved.<BR />I have found a Check Point SK that descripes the issue and provides a fix.</P><P><A href="https://support.checkpoint.com/results/sk/sk42184" target="_blank" rel="noopener">RADIUS authentication fails (checkpoint.com)</A></P><P>but the solution is not available in R81.10 '<EM><STRONG>VPN Remote Access - RADIUS attribute to be ignored'&nbsp;</STRONG></EM>is not visible.</P> Tue, 03 Sep 2024 08:01:12 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225414#M11324 toha 2024-09-03T08:01:12Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225420#M11325 <P>As <SPAN class="UserName lia-user-name lia-user-rank-Admin lia-component-message-view-widget-author-username"><A id="link_c90c8f62432dd" class="lia-link-navigation lia-page-link lia-user-name-link" style="color: #000000;" href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7" target="_self" aria-label="View Profile of PhoneBoy"></A><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a></SPAN> <SPAN class="UserName lia-user-name lia-user-rank-Admin lia-component-message-view-widget-author-username">&nbsp;wrote: Open a TAC case !</SPAN></P> Tue, 03 Sep 2024 09:02:28 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225420#M11325 G_W_Albrecht 2024-09-03T09:02:28Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225423#M11326 <P>When support has expired it is not an option.<BR />Currently getting prices to get support again.</P> Tue, 03 Sep 2024 09:11:15 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225423#M11326 toha 2024-09-03T09:11:15Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225427#M11328 <P>Usually, the 30 days grace period is enough time to renew it.</P> Tue, 03 Sep 2024 10:41:11 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225427#M11328 G_W_Albrecht 2024-09-03T10:41:11Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225445#M11331 <P>I know but we are talking years here <span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span><BR /><BR /></P> Tue, 03 Sep 2024 12:15:50 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225445#M11331 toha 2024-09-03T12:15:50Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225449#M11335 <P>This will cost a lot as you have to pay for the time without support. Also, without services the SMB is pretty useless from a security standpoint - VPN can be created witth software, too, and you are not allowed to upgrade to a new firmware version.</P> Tue, 03 Sep 2024 12:34:37 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Radius-authentication-broken/m-p/225449#M11335 G_W_Albrecht 2024-09-03T12:34:37Z