This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Highlighted
Antonio_Martins
Contributor
‎2019-03-24 03:10 AM

2FA not being enforced in Capsule VPN clients (R80.10)

Jump to solution

VPN client authentication configured with two authentication factors: RADIUS + Dynamic ID

Clients are able to connect only with User+Pass if they use  Capsule VPN Clients - Windows, Android or IOS (capsule connect).

Only way to avoid this is to disable this clients... but I need to use them (certificate authentication).

 

 

Reply
1 Solution

Accepted Solutions
Highlighted
Norbert_Bohusch
Advisor
‎2019-03-26 12:08 AM

Jump to solution

Can you post a screenshot of the following settings:

2019-03-26_08-05-20.png

 

This might help to see if it is a configuration issue or misbehaving!

View solution in original post

Reply
8 Replies
Highlighted
PhoneBoy
Admin
Admin
‎2019-03-24 04:23 PM

Jump to solution

Not sure you can configure different authentication schemes for different clients. What does your Gateway Properties > VPN Clients > Authentication show?

0 Kudos
Reply
Highlighted
Antonio_Martins
Contributor
‎2019-03-24 06:48 PM

Jump to solution

Currently I have two choices there:

1. Radius, DynamicID

2. Personal Certificate, Username and Password

0 Kudos
Reply
Highlighted
Norbert_Bohusch
Advisor
‎2019-03-25 01:47 AM

Jump to solution

For me it sounds like you have configured "multiple login options" that way and this is only supported for some clients. See sk111583 for details.

For other clients you have to rely on the legacy authentication options.

0 Kudos
Reply
Highlighted
Antonio_Martins
Contributor
‎2019-03-25 03:29 PM

Jump to solution

Yes, I've configured multiple login options and I know that Capsule VPN clients only support one factor authentication. But the   gateway should enforce two factor and don't allow the connection for this clients.

0 Kudos
Reply
Highlighted
Norbert_Bohusch
Advisor
‎2019-03-26 12:08 AM

Jump to solution

Can you post a screenshot of the following settings:

2019-03-26_08-05-20.png

 

This might help to see if it is a configuration issue or misbehaving!

View solution in original post

Reply
Highlighted
Antonio_Martins
Contributor
‎2019-03-26 06:14 PM

Jump to solution

That's it !!! Never imagined that the setting could be there (allow older clients to connect to the gateway was unchecked).

Many thanks

0 Kudos
Reply
Highlighted
Royi_Priov
Employee+
Employee+
‎2019-03-25 01:30 AM

Jump to solution

Hi Antonio,

 

I will appreciate if you could open a ticket with TAC for further investigation.

 

Thanks,

Royi.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos
Reply
Highlighted
Antonio_Martins
Contributor
‎2019-03-25 03:29 PM

Jump to solution

I will. Thanks.

0 Kudos
Reply