Antonio_Martins
Contributor

2FA not being enforced in Capsule VPN clients (R80.10)


VPN client authentication configured with two authentication factors: RADIUS + Dynamic ID

Clients are able to connect with only User+Pass if they use Capsule VPN clients - Windows, Android or iOS (Capsule Connect).

The only way to avoid this is to disable these clients... but I need to use them (certificate authentication).

 

 


8 Replies
PhoneBoy
Admin

Not sure you can configure different authentication schemes for different clients. What does your Gateway Properties > VPN Clients > Authentication show?

Antonio_Martins
Contributor

Currently I have two choices there:

1. Radius, DynamicID

2. Personal Certificate, Username and Password

Norbert_Bohusch
Advisor

To me it sounds like you have configured "multiple login options" that way, and this is only supported for some clients. See sk111583 for details.

For other clients you have to rely on the legacy authentication options.

Antonio_Martins
Contributor

Yes, I've configured multiple login options and I know that Capsule VPN clients only support one-factor authentication. But the gateway should enforce two-factor and not allow the connection for these clients.

Norbert_Bohusch
Advisor

Can you post a screenshot of the following settings:

[Screenshot: 2019-03-26_08-05-20.png]

This might help to see if it is a configuration issue or misbehavior!

Antonio_Martins
Contributor

That's it!!! Never imagined that the setting could be there ("Allow older clients to connect to the gateway" was unchecked).

Many thanks

Royi_Priov
Employee

Hi Antonio,

I would appreciate it if you could open a ticket with TAC for further investigation.

Thanks,

Royi.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
Antonio_Martins
Contributor

I will. Thanks.
