This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
K_montalvo
Advisor
‎2021-07-23 09:10 AM

YUBIKEY SUPPORT

Hello my friends!

Does Checkpoint supports Yubikeys for 2FA ?

Thanks,

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-07-24 01:18 PM

We don’t offer specific support for Yubikey.
That said, if it has a RADIUS connector, you can probably make it work.

K_montalvo
Advisor
‎2021-07-30 11:26 AM
In response to PhoneBoy

Hello @PhoneBoy  thanks for your reply. I will try soon and will post and update of the results.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2021-07-30 12:17 PM
In response to K_montalvo

Thats a good point phoneboy made...if it is somehow Radius related, then I dont see why it would not work, but personally, never seen Yubikey used for 2FA. I am not even sure any other vendor supports them, but cant say 100%.

Best,
Andy
Daniel_Kavan
MVP Gold
MVP Gold
‎2025-07-18 07:25 AM

Yes, but not native support.   

per CP marketing  - I do see support for PATs in the CP marketing.  This page (https://www.checkpoint.com/cyber-hub/network-security/what-is-multi-factor-authentication-mfa/) says Yubikeys are supported.  Physical Authentication Tokens: Physical authentication tokens like a smartcard, Yubikey, etc. provide possession-based authentication.
These devices may generate an OTP or connect to a device via USB, Bluetooth, or NFC to provide a second authentication factor.

Per TAC

- Check Point does not offer native support for Yubikey integration.
- Yubikeys are generally used for OTP (One-Time Password) or FIDO2/U2F authentication.
- Our products support external authentication methods such as RADIUS, TACACS, and SecurID (RSA).
- Integration with Yubikey is possible by using an external authentication manager (e.g., RADIUS, TACACS, or SecurID) that supports Yubikey.

My break down is that for:
RE: RADIUS, set up a RADIUS server or use 

https://rublon.com/doc/checkpoint/

RADIUS - Update username in accept? - Check Point CheckMates

RE: TACACs set up an internal TACACS server from open source
TACACS open sources RHEL
While there isn't a single "TACACS open source RHEL" package, you can use open-source TACACS+ daemons like tac_plus from GitHub, or tacquito, also from GitHub, on Red Hat Enterprise Linux (RHEL) distributions. You'll need to compile and configure them, potentially using tools like yum and rpmbuild.
Here's a more detailed breakdown:

RE: SecureID - per phoneboy, most of the recent securID implementations use RADIUS
https://community.checkpoint.com/t5/Management/RSA-secure-ID-authentication-for-checkpoint-gateways-...

Maybe, another option with SAML
https://community.checkpoint.com/t5/Remote-Access-VPN/SAML-with-Yubikey-on-Remote-Access-VPN/td-p/22...

 

 

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events