Contributor

2FA not being enforced in Capsule VPN clients (R80.10)

VPN client authentication configured with two authentication factors: RADIUS + Dynamic ID

Clients are able to connect only with User+Pass if they use Capsule VPN Clients - Windows, Android or iOS (Capsule Connect).

The only way to avoid this is to disable these clients... but I need to use them (certificate authentication).

Admin

Not sure you can configure different authentication schemes for different clients. What does your Gateway Properties > VPN Clients > Authentication show?

0 Kudos
Contributor

Currently I have two choices there:

1. Radius, DynamicID

2. Personal Certificate, Username and Password

0 Kudos

To me it sounds like you have configured "multiple login options" that way, and this is only supported for some clients. See sk111583 for details.

For other clients you have to rely on the legacy authentication options.

0 Kudos
Contributor

Yes, I've configured multiple login options and I know that Capsule VPN clients only support one-factor authentication. But the gateway should enforce two-factor and not allow the connection for these clients.

0 Kudos

Can you post a screenshot of the following settings:

2019-03-26_08-05-20.png

This might help to see if it is a configuration issue or misbehaving!

Contributor

That's it!!! Never imagined that the setting could be there ("Allow older clients to connect to the gateway" was unchecked).

Many thanks

0 Kudos
Employee+

Hi Antonio,

I would appreciate it if you could open a ticket with TAC for further investigation.

Thanks,

Royi.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos
Contributor

I will. Thanks.

0 Kudos