This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tiger_QAs
Contributor
‎2021-04-07 08:14 AM

Identity Awareness and Legacy Client Authentication portal consolidation

Hello Folks,

Our environment has both IA and Legacy authentication currently. Below are my Q's.

        1. Is it possible to do MFA (Radius) in IA ? I
                    [If answer is NO to Question-1 then our query leads to Question-2]

        2. Is it possible to consolidate both IA and Legacy portals ?


Any suggestions or recommendations are greatly appreciated!!

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2021-04-07 08:22 AM

RADIUS authentication is supported for Captive Portal, yes. 

0 Kudos
Tiger_QAs
Contributor
‎2021-04-07 09:37 AM
In response to PhoneBoy

Thanks for a quick update Welch!

Our use case is to have MFA for only external contractors, As seen in below example firewall rules, We would like to leverage IA only for "External Contractors" rule.

So Is there a way to use AD group on "External Contractors" rule and also leverage MFA without disrupting IA rule ?

IA and legacy authentication firewall rules.JPG

 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-04-07 12:32 PM
In response to Tiger_QAs

The difference would be how the identities are acquired (Captive Portal versus Active Directory) and the Access Role used.
But one should not impact the other.

Tiger_QAs
Contributor
‎2021-08-24 07:44 AM
In response to PhoneBoy

Hello Mr.PhoneBoy, Greetings!

I am trying to configure MFA using the RSA token to the Browser Based auth. Even after adding the SecureID server to my authentication setting it does not prompt me for my token when I used the Captive Portal and try browser based auth.

Is there a way to integrate MFA for Browser based authentication?

Note: I don't have remote access VPN configurations on my gateways.
0 Kudos
PhoneBoy
Admin
Admin
‎2021-08-24 09:50 AM
In response to Tiger_QAs

As far as I remember, we currently don't support a specific prompt for a second factor.
I believe you enter the password plus the second factor as a single password entry.

0 Kudos
the_rock
Legend
Legend
‎2021-08-24 10:16 AM
In response to Tiger_QAs

I implemented this for couple customers, but it can get little tricky. Say, for example, you have 500 people in your company and you want only 50 of them using Radius for MFA. Well, its not as easy as referencing that group in AD for radius auth, what we had to do is create local vpn users in dashboard and set their auth to Radius and then update the proper vpn/access role groups to allow them access. This is not sadly scalable for lots of users, but it does work. Message me privately if you want to do remote, Im happy to show you.

 

Cheers!

 

A.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events