dsethi
Participant

MFA for admin access for checkpoint firewall on Gaia and Smartconsole

Could anyone guide me with the steps for implementing the best approach to MFA for Check Point firewalls (only for admin access on Gaia and SmartConsole R81.10) on an Azure platform?

PhoneBoy
Admin

What is your identity source here?
If it's Azure AD, then you cannot authenticate to the Gaia OS using this method; only RADIUS or TACACS are supported.
SmartConsole supports integration with Azure AD from R81.20: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid... 

dsethi
Participant

It is Azure AD for authentication. Would this SAML authentication with Azure suffice for my MFA requirement for admin logins on SmartConsole and the Gaia portal?

PhoneBoy
Admin

Yes, because the entire authentication flow happens in Azure AD (which supports MFA).

Like I said, the Gaia OS does not support integration with SAML, only RADIUS or TACACS.
Which means you need a Windows NPS server set up with the appropriate plugin: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/auth-radius 

You can actually use RADIUS for both SmartConsole and Gaia OS in R81.10.
The "MFA" would be entered in after your fixed password in both cases.
The user experience of the SAML-based approach is much better.

dsethi
Participant

Thank you so much for your response! Is there any documentation for the steps that can be followed to implement MFA for both SmartConsole and Gaia using RADIUS and Azure AD?

PhoneBoy
Admin

Integration with RADIUS is explained in the various guides:

Refer to the appropriate Microsoft documentation to configure the NPS Server.
