Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
edd080
Contributor

Checkpoint endpoint VPN with Microsoft 2-Factor Authentication.

Good Day to all,

                         we currently have our checkpoint endpoint vpn authentication which uses username, password and dynamicid which sends an sms to the user in order to complete the logon.

We would like to change the dynamicid portion to Microsoft's two factor authentication. I am aware that a radius server is needed for this, however is there an sk or guide which can help us out on how checkpoint can be configured for this?

Thanks in advance.

10 Replies
Alex-
Leader Leader
Leader

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Further to the relevant sections of the admin guide please see:

sk114263: Can an Azure Multi-Factor Authentication Server be used as a RADIUS server for Mobile Access authentication?

CCSM R77/R80/ELITE
0 Kudos
edd080
Contributor

Thank you for your guides will have a look at them.

Simone_Balboni
Explorer

Hello, curious if you succeeded in this configuration. I am on it as well with the aim of replacing an RSA AuthMgr.

Simo

edd080
Contributor

Hi sorry for the late reply, we still haven't got on it yet but will let you know once we get it up and running.

0 Kudos
Konstantinos_In
Contributor

Hello


Did you finally configure it?

BR,

Kostas

0 Kudos
Simone_Balboni
Explorer

Hello,

fyi  this setup implies:

1) download a RADIUS proxy VM from Microsoft and configure it to talk to our Azure tenancy MFA instance

2) point checkpoint to that internal RADIUS proxy as a MFA provider

 

I was expecting a more direct connection i.e. Checkpoint to my Azure MFA tenancy directly, but it is not the case.

I have not yet investigated aspects like: how does the system behave if Azure MFA is down or not reachable etc? Are there emergency connection procedures etc?

 

Best regards,

Simone

 

Konstantinos_In
Contributor

Hello Simone

 

Can you please kindly share checkpoint configuration and NPS configuration or some hints?

As concerns emergency procedure you could configure another Login option on checkpoint vpn client with one factor authentication.

BR,
Kostas

0 Kudos
TOM_MORAN
Contributor

does Checkpoint support Azure mfa in the way it does for example duo ?

 

any help is appreciated

 

Thanks

Tom

0 Kudos
Rodrigo_Silva
Contributor

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events