cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Pros and Cons of different 2fa methods for Remote Access VPN

Hello

I need your feedback about the below thread.

Pros and Cons of different 2fa methods for Remote Access VPN for R80.20.

Option1

User Certificate+Domain username password with SNX

Option2

Domain username password + DynamicID (E-mail method) or SecureID with Remote Access VPN client

BR,
Kostas

5 Replies

Re: Pros and Cons of different 2fa methods for Remote Access VPN

Where is the thread below you want feedback to ? Besides, SNX and RA VPN client are two very different RA solutions, see for differences sk67820: Check Point Remote Access Solutions !

Re: Pros and Cons of different 2fa methods for Remote Access VPN

Hello

It would be interesting to compare 2FA between SNX and Remote Access VPN with client.

BR,

Kostas

0 Kudos

Re: Pros and Cons of different 2fa methods for Remote Access VPN

It would be more interesting to compare the customers needs to SNX and RA VPN capabilities, as 2FA is supported by both...

0 Kudos

Re: Pros and Cons of different 2fa methods for Remote Access VPN

Hello Gunther

The needs are

1)only corporate laptop joined on the domain must be able to connect

2)most secure multifactor combination

3)less user disruption

4)end users are not administrators on their laptops

5)network vpn access must be the same when laptops are connected on the internal Network 

Thank you 

Kostas

0 Kudos

Re: Pros and Cons of different 2fa methods for Remote Access VPN

RA VPN client with Check Point VPN client certificate and AD account/PW (with cache) is a sure thing to work properly, this will also work when you need to use secondary connect.

Tokens as 2fa will never work with secondary connect as there is nothing to be able to cache and you will get a challenge for each other GW the secondary connect tries to contact. We had a case were there were multiple AD servers scattered throughout the network and the client was connecting to all 8 of them, asking the user 8 times for a challenge...

Regards, Maarten
0 Kudos