2-Factor Authentication in CheckPoint with smtp.Office365.com
Dear CheckMates,
I would like to get some inputs on the below.
1. In CheckPoint GW R77.30 managed by R80.10 Mgmt server - MobileBlade configured.
2. Configured 2FA for DynamicId
3. SMTP server is Office365 (smtp.office365.com)
4. Once username, pwd entered - getting error: "Failed to send SMS parameter, please contact administrator."
5. When checked with Office365 team, they replied that any "FROM" mail sent from CheckPoint towards their Office SMTP server - they had set authenticated for that "MAIL FROM:"
I had performed in my Lab environment with free SMTP mail server and made unauthenticated - It works great.
I would like to know: without Unauthenticated settings in Office365, will it work?
Or has anyone achieved getting DynamicID between CheckPoint and Office365 SMTP server?
Regards, Prabulingam.N
Hi
Did you check this link?
https://community.checkpoint.com/thread/9091-dynamic-id-and-2way-sms-provider
Best regards
Kim
Dear Kim,
Yes, checked as well.
Also in my setup, the customer would like to get 2FA only thru EMail and not SMS.
This works well in my Lab if I have Unauthenticated SMTP mail server.
But customer using smtp.office365.com where if CheckPoint sends FROM: - they expect this address to have authentication.
Regards, Prabulingam
Isn't it because smtp.office365.com requires you to use port 587 and STARTTLS or TLS, and the auth user and from: address have to be the same?
Br
Kim
Yes Kim.
Also, when Office365 SMTP receives email, the FROM: has to be authenticated; CheckPoint doesn't have such authentication set for FROM MAIL:
So it doesn't accept Unauthenticated FROM MAIL:
Rg, Prabu
Ah now I understand.
I thought you had it running in your lab but with a different smtp provider than office365.
Br
Kim
Dear Kim,
In my Lab I set up a normal SMTP mail server without authentication and it works great, got Dynamic ID.
But customer has SMTP.office365.com which is Authenticated in Port:587 STARTTLS.
So they expect any FROM MAIL: address to be Authenticated only.
Rg, Prabu
Dear Prabu
Did you try, as a workaround, to set up a stunnel on a device outside Check Point?
You can connect unauthenticated to e.g. stunnel and then pipe/connect to smtp.office365.com, which will authenticate?
Of course not the most secure solution.
BR
Kim
As near as I can tell, there’s not an option to support authenticated SMTP with the DynamicID configuration.
Will have to look into it further.
Yes Dameon,
Hope, as per sk113164 & sk144712, the above is supported from R80.20.
Regards, Prabu
@Prabulingam_N1 Did you get this working? If so, what does your connection string format look like? I'm trying to work through this same issue and I'm not having any luck.
Dear Jon,
As per sk144712 - From R80.20 onwards the SMTP authentication is supported.
I haven't checked with customer if working or not. sorry...😔
Regards, Prabu
@PhoneBoy , do you know if this was ever addressed?
None of the SKs mentioned in this thread are live (at least according to Google).
Thank you.
Yeah, it should be supported from R80.20.
Not sure why this is an internal note in the SK, but:
To configure SMTPS on port 465, use the following configuration string:
mail:TO=$EMAIL;SMTPSERVER=smtps://user:password@smtp.server.address;FROM=sslvpn@example.com;BODY=$RAWMESSAGE
To configure SMTP on port 25 with STARTTLS, use the following configuration string:
mail:TO=$EMAIL;SSL_REQUIRED;SMTPSERVER=smtp://user:password@smtp.server.address;FROM=sslvpn@example.com;BODY=$RAWMESSAGE
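
Added example, not part of any post in this thread and not Check Point code: a small linter for DynamicID `mail:` strings of the shape quoted above. It flags credentials that could be sent without required TLS, a missing login, and a FROM that differs from the authenticating user (the Office 365 condition raised earlier in the thread). Function names, finding texts and the sample strings are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_dynamicid_mail(cfg):
    """Split 'mail:KEY=VALUE;FLAG;...' into (fields, flags).
    Limitation: a password containing ';' would be split apart here."""
    if not cfg.startswith("mail:"):
        raise ValueError("not a mail: DynamicID string")
    fields, flags = {}, set()
    for part in cfg[len("mail:"):].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value
        elif part:
            flags.add(part)          # bare token such as SSL_REQUIRED
    return fields, flags

def lint(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    fields, flags = parse_dynamicid_mail(cfg)
    url = urlsplit(fields.get("SMTPSERVER", ""))
    findings = []
    if url.scheme not in ("smtp", "smtps"):
        findings.append("SMTPSERVER is not an smtp:// or smtps:// URL")
    if url.username is None or url.password is None:
        findings.append("no credentials: relay must accept unauthenticated mail")
    elif url.scheme == "smtp" and "SSL_REQUIRED" not in flags:
        findings.append("credentials on smtp:// without SSL_REQUIRED")
    if url.username and url.username.lower() != fields.get("FROM", "").lower():
        findings.append("FROM differs from the authenticating user")
    return findings

# Constructed samples: placeholder host, mailbox and password.
GOOD = ("mail:TO=$EMAIL;SSL_REQUIRED;"
        "SMTPSERVER=smtp://sslvpn@example.com:pw@smtp.server.address;"
        "FROM=sslvpn@example.com;BODY=$RAWMESSAGE")
NO_TLS = GOOD.replace("SSL_REQUIRED;", "")
NO_AUTH = ("mail:TO=$EMAIL;SMTPSERVER=smtp://smtp.server.address;"
           "FROM=sslvpn@example.com;BODY=$RAWMESSAGE")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("NO_TLS", NO_TLS), ("NO_AUTH", NO_AUTH)):
        print(name, lint(cfg) or "ok")
```

The string holds the mailbox password in clear text, so a dedicated send-only account limits what a leaked configuration exposes.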