This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kevin100
Explorer
‎2025-05-12 04:29 AM

2FA for ssl VPN

Hai

 

One of the client needs to enable 2FA, MFA for ssl vpn  checkpoint for 15 users .

Client got on premise AD and no radius server.

Please provide a recommended solution, and what components required for that solution, like radius server

 

0 Kudos
6 Replies
AkosBakos
Mentor Mentor
Mentor
‎2025-05-12 04:38 AM

Hi, hard situation. Low cost, not so beautiful, but certificate based VPN can be the solution.

Page 40: 

Digital User Certificates
Digital Certificates are the most recommended and manageable method for authentication.
Both parties present certificates as a means of proving their identity. Both parties verify that the
peer's certificate is valid (i.e. that it was signed by a known and trusted CA, and that the
certificate has not expired or been revoked).
Digital certificates are issued either by Check Point's Internal Certificate Authority or third-party
PKI solutions. Check Point's ICA is tightly integrated with VPN and is the easiest way to
configure a Remote Access VPN. The ICA can issue certificates both to Security Gateways
(automatically) and to remote users (generated or initiated).
Generate digital certificates easily in SmartConsole > Security Policies > Access Tools >
Client Certificates.

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RemoteAccessVPN_AdminGuide/C...

----------------
\m/_(>_<)_\m/
0 Kudos
kevin100
Explorer
‎2025-05-12 04:50 AM
In response to AkosBakos

Hai thanks for the reply, will Duo 2fa work with checkpoint ssl VPN 

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2025-05-12 04:53 AM
In response to kevin100

Hi @kevin100 

I thought that you don't want to invest any money.

If yes, the Cisco DUO is the one of the best and cheapest solution for this. I have experience with that, it works, as expected!

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
kevin100
Explorer
‎2025-05-12 04:57 AM
In response to AkosBakos

Dear Akos

 

Thanks for the info, do this solution setup need a separate radius server?

Also hope checkpoint ssl vpn works with laptops 

 

 

Thank you

 

 

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2025-05-12 05:36 AM
In response to kevin100

Hi @kevin100 

A small connector tool is needed for the Cisco DUO. It must be installed locally.

SSL VPN ha browsed dependencies. It should work with laptop, of course,

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
the_rock
Legend
Legend
‎2025-05-12 06:07 AM
In response to kevin100

Yea, DUO works 100%. I know few customers who use it without any issues.

Andy

Preview file
1314 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events