- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Hi,
Today a new version of Capsule Connect (v1.600.64), for iOS was released, and we are having problems with authentication. Apparently the new app introduced the multi-factor authentication as obligatory. We deploy our configuration through MDM to our users (more than 1000 users). Users with older app versions have no problems, but users with new version cannot connect without "manual" user interaction.
For the deployment in the older versions we used Custom Data Fields in the MDM profile. The most important was the authMethod which was set to Certificate (image below), and works flawlessly on older app versions. On new app version it doesn't work.
Can you help me finding the appropriate Custom Data Field to use with the new multi-factor authentication? What key-pair value am I supposed to use? There is none described in the Admin Guide.
These below are the fields I am talking about. I need a value for the auth parameter to make it use the multi-factor authentication option !
Thanks
I've brought this thread to the attention of the relevant area, more to follow.
Please refer: sk169222
It is fixed . We are able to push it from MDM as well.
On MDM, Add another key as below:
key : realm
Value : name of the realm (added Under gateway Properties > VPN Clients > Authentication > Multiple Authentication Client Settings > edit the Display Name ((Certificate + Username Password) in my case). You will find Name under General Properties. Cert_Username_Password
In my scenario, added as below:
key: relam
value: Cert_Username_Password
Push the config to your test device.
It is working thereafter.
We are also on the same boat. Have you raised ticket with CP TAC?
Hi, we have opened a TAC case, I'll keep you updated.
It is fixed . We are able to push it from MDM as well.
On MDM, Add another key as below:
key : realm
Value : name of the realm (added Under gateway Properties > VPN Clients > Authentication > Multiple Authentication Client Settings > edit the Display Name ((Certificate + Username Password) in my case). You will find Name under General Properties. Cert_Username_Password
In my scenario, added as below:
key: relam
value: Cert_Username_Password
Push the config to your test device.
It is working thereafter.
Did you remove allow older legacy vpn client in gateway object - vpn - authentication?.. enable it because It solved my issue with Capsule connect failing about multiple authentication methods.
Its enabled already.
Yes, we did, but that is not the problem we are facing.
The VPN is working fine, but human interaction is needed to configure the appropriate certificate and get it working. Deployment through MDM and automation is not working, and that is where the problem lies.
Issue on our side as below:
We have Cert + LDAP configured via DB tool, and users on version 1.600.54 are able to connect without any issues! Users with newer version are not able to connect and getting error “this authentication operation is not supported “
Aside what I have did is below:
Clicked on Settings under vpn > Authentication and Unchecked “allowed new clients use legacy auth”
And configured Cert + Username/password for new clients
When I do this , then getting Access Denied
Due to EA program I was not able to find root issue to this problem with TAC.
I did find something interesting between the jumbo hotfixes.
I was asked to upgrade from r80.40 take 67 to 77 and none of these takes accepts the latest Capsule connect client. When I downgraded the JHF to take 45 it worked again.
i managed to get username/password authentication to work on capsule connect after changing the vpn settings ‘allow newer clients to use legacy authentication’
any inputs from CP TAC on Deployment through MDM for auth type to cert +username?
On App store, i can see capsule connect have been removed.
I've brought this thread to the attention of the relevant area, more to follow.
Please refer: sk169222
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
2 | |
1 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY