This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Prabulingam_N1
Advisor
‎2019-02-10 09:56 PM

2-Factor Authentication in CheckPoint with smtp.Office365.com

Dear CheckMates,

I would like to get some inputs on the below.

1. In CheckPoint GW R77.30 managed by R80.10 Mgmt server - MobileBlade configured.

2. Configured 2FA for DynamicId

3. SMTP server is Office365  (smtp.office365.com)

4. Once username, pwd entered - getting error: "Failed to send SMS parameter, please contact administrator."

5. When checked with Office365 team, they replied that any "FROM" mail sent from CheckPoint towards their Office SMTP server - they had set authenticated for that "MAIL FROM:"

I had performed in my Lab environment with free SMTP mail server and made unauthenticated - It works great.

I would like to know without Unauthenticated settings in Office365 will it work?

Or anyone achieved getting DynaicID between CheckPoint and Office365 SMTP server.

Regards, Prabulingam.N

13 Replies
Kim_Moberg
Advisor
‎2019-02-11 02:25 AM

Hi 

Did you check this link?

https://community.checkpoint.com/thread/9091-dynamic-id-and-2way-sms-provider

Best regards

Kim

Best Regards
Kim
0 Kudos
Prabulingam_N1
Advisor
‎2019-02-11 02:29 AM
In response to Kim_Moberg

Dear Kim,

Yes, checked as well.

Also in my setup, the customer would like to get 2FA only thru EMail and not SMS.

This works well in my Lab if I have Unauthenticated SMTP mail server.

But customer using smtp.office365.com where if CheckPoint sends FROM: - they expect this address to have authentication.

Regards, Prabulingam

0 Kudos
Kim_Moberg
Advisor
‎2019-02-12 09:15 PM
In response to Prabulingam_N1

Isn’t because smtp.office365.com required to use port 587, and starttls or tls with the same user auth and from: address have to be the same?

Br

Kim


Best Regards
Kim
0 Kudos
(1)
Prabulingam_N1
Advisor
‎2019-02-12 09:34 PM
In response to Kim_Moberg

Yes Kim.

Also Office365.smtp when receive email FROM: which has authenticated, CheckPoint dont have such Authenticated set for FROM MAIL:

So it doesn't accept Unauthenticated FROM MAIL:

Rg, Prabu

0 Kudos
Kim_Moberg
Advisor
‎2019-02-12 09:38 PM
In response to Prabulingam_N1

Ah now I understand.

I thought you had it running in your lab but with a different smtp provider than office365.

Br

Kim

Best Regards
Kim
0 Kudos
Prabulingam_N1
Advisor
‎2019-02-12 10:27 PM
In response to Kim_Moberg

Dear Kim,

In my Lab i setup normal SMTP mail server without authentication and it works great, got Dynamic ID.

But customer has SMTP.office365.com which is Authenticated in Port:587 STARTTLS.

So they expect any FROM MAIL: address to be Authenticated only.

Rg, Prabu

0 Kudos
Kim_Moberg
Advisor
‎2019-02-12 11:22 PM
In response to Prabulingam_N1

Dear Prabu

Did you was a workaround set up a stunnel on a device ourside Check Point?

You you can connect un-authenticad to eg stunnel and the pipe/connect to smtp.office365.com which will autheticate?

Of course not the best Secure solution.

BR

Kim

Best Regards
Kim
0 Kudos
PhoneBoy
Admin
Admin
‎2019-02-12 08:39 PM

As near as I can tell, there’s not an option to support authenticated SMTP with the DynamicID configuration.

Will have to look into it further.

0 Kudos
Prabulingam_N1
Advisor
‎2019-02-24 07:47 AM
In response to PhoneBoy

Yes Dameon,

Hope as per this sk113164 & sk144712 - the above supported from R80.20.

Regards, Prabu

0 Kudos
Jon_Fallon
Employee Alumnus
Employee Alumnus
‎2020-02-05 03:20 PM
In response to Prabulingam_N1

@Prabulingam_N1  Did you get this working?  If so, what does your connection string format look like?  I'm trying to work through this same issue and I'm not having any luck.  

0 Kudos
Prabulingam_N1
Advisor
‎2020-02-12 02:59 AM
In response to Jon_Fallon

Dear Jon,

 

As per sk144712 - From R80.20 onwards the SMTP authentication is supported.

I haven't checked with customer if working or not. sorry...😔

 

Regards, Prabu

0 Kudos
Vladimir
Champion
Champion
‎2021-03-24 12:53 PM
In response to PhoneBoy

@PhoneBoy , do you know if this was ever addressed?

None of the SKs mentioned in this thread are live (at least according to Google).

Thank you.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-03-24 04:23 PM
In response to Vladimir

Yeah, it should be supported from R80.20.
Not sure why this is an internal note in the SK, but:

To configure SMTPS on port 465, use the following configuration string:

mail:TO=$EMAIL;SMTPSERVER=smtps://user:password@smtp.server.address;FROM=sslvpn@example.com;BODY=$RAWMESSAGE

To configure SMTP on port 25 with STARTTLS, use the following configuration string:

mail:TO=$EMAIL;SSL_REQUIRED;SMTPSERVER=smtp://user:password@smtp.server.address;FROM=sslvpn@example.com;BODY=$RAWMESSAGE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events