chuka01
Contributor

Enabling 2FA on Remote Access VPN Gateway for Vendors

We have a customer who uses a gateway (it is in a cluster, but is the only cluster member) for remote access VPN, for both staff and vendors. Staff log in with their domain credentials and their authentication method is a RADIUS server with 2FA enabled. Vendors authenticate with their Check Point account password into a server where they have to input another set of domain credentials.

Now this customer wants to enable 2FA for those vendor accounts, and I suggested DynamicID with the OTP sent to the vendors' emails. I am thinking that enabling DynamicID on the gateway will also require their staff accounts to enter another 2FA code, which makes the workflow more inconvenient for staff. Can anyone help with a safe and secure way to enable 2FA just for vendor accounts? Thank you.


Accepted Solutions
simonemantovani
MVP Silver

Hello,

Did you evaluate configuring the multiple login option and creating a specific authentication mode for the vendors? When configured, they could change the authentication settings in their VPN client to use this new authentication mode.

Here are the steps from the admin guide: https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_MobileAccess_AdminGuide/Content/To...

(It's the R82 version, and specific to Mobile Access, but it's the same on previous versions too, and the multiple login option can also be configured under the VPN clients section.)

PhoneBoy
Admin

If you don't want it to apply to staff, you will need to add DynamicID as part of Multiple Login Options instead.

chuka01
Contributor

Hello Simon,

Thanks for responding. Yes, I have created a username and password + DynamicID authentication method under Mobile Access > Authentication on the specific gateway. I am trying to enforce this, and not make it an option. Will this change not make staff need a 2nd OTP from their email, as they already authenticate via a RADIUS server + OTP?
