This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SaxMan
Participant
‎2021-08-16 02:34 AM

2FA with SMB 1500 (R80.20.30)

Hi,
Are there any "workarounds"/solution(s) for the following scenario?
Appliance: SMB 1550 with R80.20.30.
On-premise 2FA Appliance (based on FreeRadius)
Issue:
We've successfully integrated 2FA/Radius appliance with AD and it "pulls" through the relevant VPN users group via FilterID.
When we have Radius/2FA server defined as the ONLY Authentication Server, the VPN users successfully authenticate with OTP.
Once we add the AD server, 2FA does not work. (even if we create a dummy AD group for the 1550 to read)
We do, however, need the AD server for building specific rules in the Access Policy.

Any suggestions/advice would be greatly appreciated.

Thanks.


0 Kudos
6 Replies
G_W_Albrecht
Legend Legend
Legend
‎2021-08-16 02:52 AM

sk137732 ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
SaxMan
Participant
‎2021-08-16 04:52 AM
In response to G_W_Albrecht

Thanks a million.
Yip.
Read through that doc/SK - I just thought there might be a chance of someone on the community successfully implementing it (with AD, of course)
The 2FA solution works with other SMB brands(with AD + Radius) so we're trying to compete with our CheckPoint POV/POCs.
Thank you for the prompt feedback.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-08-16 08:29 AM
In response to SaxMan

But sk137732 is for locally managed SMB and you’re talking about using Access Roles in rules.
Is this a centrally managed SMB?

0 Kudos
SaxMan
Participant
‎2021-08-16 12:01 PM
In response to PhoneBoy

Hi,
Thanks for the response.

Locally managed 1500.
My original post should've read:
On the 1500 we want to use AD to define rules under Access Policy -> Policy 
(example: Outgoing - Source: (AD Group)marketing -> Dest:internet -> Service:Facebook Business -> Action: accept -> Log)

The Radius server will sync with AD and filter out the VPN users and do the 2FA
So ideally, have both AD and Radius configured under Authentication Servers
(right now we have to remove AD from the Auth Servers list, and then 2FA works 100%)

I hope this makes sense?

Thanks.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-08-16 01:21 PM
In response to SaxMan

Yes, it makes sense, therefore it seems sk137732 would apply.

SaxMan
Participant
‎2021-08-16 01:44 PM
In response to PhoneBoy

Great stuff.
Thanks.

So, here's the Million Dollar question: 😀
Any chance that there might be a solution/enhancement on a roadmap soon?


0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events