This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Antonio_Martins
Contributor
‎2019-03-24 03:10 AM

2FA not being enforced in Capsule VPN clients (R80.10)

Jump to solution

VPN client authentication configured with two authentication factors: RADIUS + Dynamic ID

Clients are able to connect only with User+Pass if they use  Capsule VPN Clients - Windows, Android or IOS (capsule connect).

Only way to avoid this is to disable this clients... but I need to use them (certificate authentication).

 

 

1 Solution

Accepted Solutions
Norbert_Bohusch
Advisor
‎2019-03-26 12:08 AM
In response to Antonio_Martins

Jump to solution

Can you post a screenshot of the following settings:

2019-03-26_08-05-20.png

 

This might help to see if it is a configuration issue or misbehaving!

View solution in original post

8 Replies
PhoneBoy
Admin
Admin
‎2019-03-24 04:23 PM

Jump to solution

Not sure you can configure different authentication schemes for different clients. What does your Gateway Properties > VPN Clients > Authentication show?

0 Kudos
Antonio_Martins
Contributor
‎2019-03-24 06:48 PM
In response to PhoneBoy

Jump to solution

Currently I have two choices there:

1. Radius, DynamicID

2. Personal Certificate, Username and Password

0 Kudos
Norbert_Bohusch
Advisor
‎2019-03-25 01:47 AM
In response to Antonio_Martins

Jump to solution

For me it sounds like you have configured "multiple login options" that way and this is only supported for some clients. See sk111583 for details.

For other clients you have to rely on the legacy authentication options.

0 Kudos
Antonio_Martins
Contributor
‎2019-03-25 03:29 PM
In response to Norbert_Bohusch

Jump to solution

Yes, I've configured multiple login options and I know that Capsule VPN clients only support one factor authentication. But the   gateway should enforce two factor and don't allow the connection for this clients.

0 Kudos
Norbert_Bohusch
Advisor
‎2019-03-26 12:08 AM
In response to Antonio_Martins

Jump to solution

Can you post a screenshot of the following settings:

2019-03-26_08-05-20.png

 

This might help to see if it is a configuration issue or misbehaving!

Antonio_Martins
Contributor
‎2019-03-26 06:14 PM
In response to Norbert_Bohusch

Jump to solution

That's it !!! Never imagined that the setting could be there (allow older clients to connect to the gateway was unchecked).

Many thanks

0 Kudos
Royi_Priov
Employee
Employee
‎2019-03-25 01:30 AM

Jump to solution

Hi Antonio,

 

I will appreciate if you could open a ticket with TAC for further investigation.

 

Thanks,

Royi.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos
Antonio_Martins
Contributor
‎2019-03-25 03:29 PM
In response to Royi_Priov

Jump to solution

I will. Thanks.

0 Kudos