This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Antonio_Martins
Contributor
‎2019-03-24 03:10 AM
Jump to solution

2FA not being enforced in Capsule VPN clients (R80.10)

VPN client authentication configured with two authentication factors: RADIUS + Dynamic ID

Clients are able to connect only with User+Pass if they use  Capsule VPN Clients - Windows, Android or IOS (capsule connect).

Only way to avoid this is to disable this clients... but I need to use them (certificate authentication).

 

 

1 Solution

Accepted Solutions
Norbert_Bohusch
Advisor
‎2019-03-26 12:08 AM
In response to Antonio_Martins
Jump to solution

Can you post a screenshot of the following settings:

2019-03-26_08-05-20.png

 

This might help to see if it is a configuration issue or misbehaving!

View solution in original post

8 Replies
PhoneBoy
Admin
Admin
‎2019-03-24 04:23 PM
Jump to solution

Not sure you can configure different authentication schemes for different clients. What does your Gateway Properties > VPN Clients > Authentication show?

0 Kudos
Antonio_Martins
Contributor
‎2019-03-24 06:48 PM
In response to PhoneBoy
Jump to solution

Currently I have two choices there:

1. Radius, DynamicID

2. Personal Certificate, Username and Password

0 Kudos
Norbert_Bohusch
Advisor
‎2019-03-25 01:47 AM
In response to Antonio_Martins
Jump to solution

For me it sounds like you have configured "multiple login options" that way and this is only supported for some clients. See sk111583 for details.

For other clients you have to rely on the legacy authentication options.

0 Kudos
Antonio_Martins
Contributor
‎2019-03-25 03:29 PM
In response to Norbert_Bohusch
Jump to solution

Yes, I've configured multiple login options and I know that Capsule VPN clients only support one factor authentication. But the   gateway should enforce two factor and don't allow the connection for this clients.

0 Kudos
Norbert_Bohusch
Advisor
‎2019-03-26 12:08 AM
In response to Antonio_Martins
Jump to solution

Can you post a screenshot of the following settings:

2019-03-26_08-05-20.png

 

This might help to see if it is a configuration issue or misbehaving!

Antonio_Martins
Contributor
‎2019-03-26 06:14 PM
In response to Norbert_Bohusch
Jump to solution

That's it !!! Never imagined that the setting could be there (allow older clients to connect to the gateway was unchecked).

Many thanks

0 Kudos
Royi_Priov
Employee
Employee
‎2019-03-25 01:30 AM
Jump to solution

Hi Antonio,

 

I will appreciate if you could open a ticket with TAC for further investigation.

 

Thanks,

Royi.

Thanks,
Royi Priov
R&D Group manager, Infinity Identity
0 Kudos
Antonio_Martins
Contributor
‎2019-03-25 03:29 PM
In response to Royi_Priov
Jump to solution

I will. Thanks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events