Prabulingam_N1
Advisor

2-Factor Authentication in CheckPoint with smtp.Office365.com

Dear CheckMates,

I would like to get some inputs on the below.

1. In CheckPoint GW R77.30 managed by R80.10 Mgmt server - MobileBlade configured.

2. Configured 2FA for DynamicId

3. SMTP server is Office365  (smtp.office365.com)

4. Once username, pwd entered - getting error: "Failed to send SMS parameter, please contact administrator."

5. When checked with Office365 team, they replied that any "FROM" mail sent from CheckPoint towards their Office SMTP server - they had set authenticated for that "MAIL FROM:"

I had performed in my Lab environment with free SMTP mail server and made unauthenticated - It works great.

I would like to know without Unauthenticated settings in Office365 will it work?

Or has anyone achieved getting DynamicID working between CheckPoint and the Office365 SMTP server?

Regards, Prabulingam.N

13 Replies
Kim_Moberg
Advisor

Hi 

Did you check this link?

https://community.checkpoint.com/thread/9091-dynamic-id-and-2way-sms-provider

Best regards

Kim

0 Kudos
Prabulingam_N1
Advisor

Dear Kim,

Yes, checked as well.

Also in my setup, the customer would like to get 2FA only thru EMail and not SMS.

This works well in my Lab if I have Unauthenticated SMTP mail server.

But customer using smtp.office365.com where if CheckPoint sends FROM: - they expect this address to have authentication.

Regards, Prabulingam

0 Kudos
Kim_Moberg
Advisor

Isn't it because smtp.office365.com requires port 587 and STARTTLS or TLS, and the authenticated user and the From: address have to be the same?

Br

Kim


0 Kudos
Prabulingam_N1
Advisor

Yes Kim.

Also, Office365 SMTP, when it receives email, expects the FROM: to be authenticated; CheckPoint doesn't have such authentication set for MAIL FROM:

So it doesn't accept Unauthenticated FROM MAIL:

Rg, Prabu

0 Kudos
Kim_Moberg
Advisor

Ah now I understand.

I thought you had it running in your lab but with a different smtp provider than office365.

Br

Kim

0 Kudos
Prabulingam_N1
Advisor

Dear Kim,

In my lab I set up a normal SMTP mail server without authentication and it works great; I got the Dynamic ID.

But customer has SMTP.office365.com which is Authenticated in Port:587 STARTTLS.

So they expect any FROM MAIL: address to be Authenticated only.

Rg, Prabu

0 Kudos
Kim_Moberg
Advisor

Dear Prabu

Did you consider, as a workaround, setting up a stunnel on a device outside Check Point?

You can connect unauthenticated to e.g. stunnel and then pipe/connect to smtp.office365.com, which will authenticate?

Of course, not the most secure solution.

BR

Kim

0 Kudos
PhoneBoy
Admin

As near as I can tell, there’s not an option to support authenticated SMTP with the DynamicID configuration.

Will have to look into it further.

0 Kudos
Prabulingam_N1
Advisor

Yes Dameon,

Hope, as per sk113164 & sk144712, the above is supported from R80.20.

Regards, Prabu

0 Kudos
Jon_Fallon
Employee Alumnus

@Prabulingam_N1  Did you get this working?  If so, what does your connection string format look like?  I'm trying to work through this same issue and I'm not having any luck.  

0 Kudos
Prabulingam_N1
Advisor

Dear Jon,

 

As per sk144712 - From R80.20 onwards the SMTP authentication is supported.

I haven't checked with customer if working or not. sorry...😔

 

Regards, Prabu

0 Kudos
Vladimir
Champion

@PhoneBoy , do you know if this was ever addressed?

None of the SKs mentioned in this thread are live (at least according to Google).

Thank you.

0 Kudos
PhoneBoy
Admin

Yeah, it should be supported from R80.20.
Not sure why this is an internal note in the SK, but:

To configure SMTPS on port 465, use the following configuration string:

mail:TO=$EMAIL;SMTPSERVER=smtps://user:password@smtp.server.address;FROM=sslvpn@example.com;BODY=$RAWMESSAGE

To configure SMTP on port 25 with STARTTLS, use the following configuration string:

mail:TO=$EMAIL;SSL_REQUIRED;SMTPSERVER=smtp://user:password@smtp.server.address;FROM=sslvpn@example.com;BODY=$RAWMESSAGE
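
Both strings in the post above embed the SMTP password, so it is worth checking a string before it goes into the DynamicID configuration. The Python linter below is an added example, not Check Point code and not part of any post in this thread; the function names and finding texts are hypothetical. It assumes that `SSL_REQUIRED` is what turns on STARTTLS for an `smtp://` URL and, following the discussion earlier in the thread, that the relay wants FROM to equal the authenticating mailbox.

```python
from urllib.parse import urlsplit, unquote

def parse_dynamicid_mail(config):
    """Split a 'mail:' string into KEY=VALUE fields and bare flags."""
    if not config.startswith("mail:"):
        raise ValueError("not a mail: configuration string")
    fields, flags = {}, set()
    for part in filter(None, config[len("mail:"):].split(";")):
        key, sep, value = part.partition("=")
        if sep:
            fields[key] = value
        else:
            flags.add(key)          # e.g. SSL_REQUIRED
    return fields, flags

def lint_dynamicid_mail(config):
    """Return a list of findings; an empty list means nothing was flagged."""
    fields, flags = parse_dynamicid_mail(config)
    findings = ["missing " + k for k in ("TO", "SMTPSERVER", "FROM", "BODY")
                if k not in fields]
    url = urlsplit(fields.get("SMTPSERVER", ""))
    user = unquote(url.username or "")
    if not user:
        # The thread's failure case: a relay that demands authentication.
        findings.append("no SMTP credentials")
    elif url.scheme != "smtps" and "SSL_REQUIRED" not in flags:
        # Assumption: without SSL_REQUIRED an smtp:// session stays plaintext.
        findings.append("credentials sent without TLS")
    # Assumption from the thread: the relay wants FROM to be the login mailbox.
    if "@" in user and user.lower() != fields.get("FROM", "").lower():
        findings.append("FROM differs from authenticated user")
    return findings

# The two strings from the post above, plus constructed variants.
SMTPS = ("mail:TO=$EMAIL;SMTPSERVER=smtps://user:password@smtp.server.address;"
         "FROM=sslvpn@example.com;BODY=$RAWMESSAGE")
STARTTLS = ("mail:TO=$EMAIL;SSL_REQUIRED;SMTPSERVER=smtp://user:password@"
            "smtp.server.address;FROM=sslvpn@example.com;BODY=$RAWMESSAGE")
NO_TLS = STARTTLS.replace("SSL_REQUIRED;", "")            # constructed
NO_AUTH = SMTPS.replace("smtps://user:password@", "")     # constructed
MISMATCH = SMTPS.replace("user:", "svc@example.com:")     # constructed

if __name__ == "__main__":
    for name in ("SMTPS", "STARTTLS", "NO_TLS", "NO_AUTH", "MISMATCH"):
        print(name, lint_dynamicid_mail(globals()[name]) or "ok")
```

The parser splits on `;`, so a password containing that character is not handled here; how the gateway itself treats such characters is not covered in this thread.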
