This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
edd080
Contributor
‎2019-01-10 11:14 PM

Checkpoint endpoint VPN with Microsoft 2-Factor Authentication.

Good Day to all,

                         we currently have our checkpoint endpoint vpn authentication which uses username, password and dynamicid which sends an sms to the user in order to complete the logon.

We would like to change the dynamicid portion to Microsoft's two factor authentication. I am aware that a radius server is needed for this, however is there an sk or guide which can help us out on how checkpoint can be configured for this?

Thanks in advance.

10 Replies
Alex-
MVP Silver
MVP Silver
‎2019-01-11 01:05 AM

Which version are you using? Here are the r80.10 guides:

http://dl3.checkpoint.com/paid/87/87d47e947768228c17e5473013b23286/CP_R80.10_RemoteAccessVPN_AdminGu... 

http://dl3.checkpoint.com/paid/77/774c3c923f00c927527600aadaab3fcf/CP_R80.10_MobileAccess_AdminGuide... 

0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2019-01-11 02:34 AM

Further to the relevant sections of the admin guide please see:

sk114263: Can an Azure Multi-Factor Authentication Server be used as a RADIUS server for Mobile Access authentication?

CCSM R77/R80/ELITE
0 Kudos
edd080
Contributor
‎2019-01-11 02:51 AM
In response to Chris_Atkinson

Thank you for your guides will have a look at them.

Simone_Balboni
Explorer
‎2019-01-29 06:58 AM
In response to edd080

Hello, curious if you succeeded in this configuration. I am on it as well with the aim of replacing an RSA AuthMgr.

Simo

edd080
Contributor
‎2019-02-11 05:30 AM
In response to Simone_Balboni

Hi sorry for the late reply, we still haven't got on it yet but will let you know once we get it up and running.

0 Kudos
Konstantinos_In
Contributor
‎2019-02-28 05:29 AM
In response to edd080

Hello


Did you finally configure it?

BR,

Kostas

0 Kudos
Simone_Balboni
Explorer
‎2019-03-18 03:22 AM
In response to Konstantinos_In

Hello,

fyi  this setup implies:

1) download a RADIUS proxy VM from Microsoft and configure it to talk to our Azure tenancy MFA instance

2) point checkpoint to that internal RADIUS proxy as a MFA provider

 

I was expecting a more direct connection i.e. Checkpoint to my Azure MFA tenancy directly, but it is not the case.

I have not yet investigated aspects like: how does the system behave if Azure MFA is down or not reachable etc? Are there emergency connection procedures etc?

 

Best regards,

Simone

 

Konstantinos_In
Contributor
‎2019-04-10 04:30 AM
In response to Simone_Balboni

Hello Simone

 

Can you please kindly share checkpoint configuration and NPS configuration or some hints?

As concerns emergency procedure you could configure another Login option on checkpoint vpn client with one factor authentication.

BR,
Kostas

0 Kudos
TOM_MORAN
Contributor
‎2019-05-22 01:25 PM
In response to Simone_Balboni

does Checkpoint support Azure mfa in the way it does for example duo ?

 

any help is appreciated

 

Thanks

Tom

0 Kudos
Rodrigo_Silva
Contributor
‎2019-12-11 09:36 AM

See if this post can help you.

https://community.checkpoint.com/t5/General-Management-Topics/Checkpoint-VPN-with-Microsoft-2-Factor...

Good luck.

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events