This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Andy_Battle
Explorer
‎2023-05-02 03:18 AM

Capsule VPN and Multiple Authentication Methods errors

Gateway Version - R81.10
Management Version - R81.10

Using Capsule Client VPN on Windows 10  

Was using LDAP Authentication via Legacy Authentication (Defined on user record)
Have just enabled RADIUS based VPN with Microsoft Azure MFA using Multiple Authentication Client Settings.

Any client that has a newly defined profile is working fine

Any client where we delete and re-create profile is fine.

Any client that was previously deployed is erroring immediately 

"Cannot connect to VPN XXX"

"Arg_NullReferenceException"

Running latest capsule version (v1.1.18) and have reviewed  https://support.checkpoint.com/results/sk/sk177368

Screen Shot 2023-05-02 at 6.15.41 pm.pngScreen Shot 2023-05-02 at 6.16.37 pm.pngAny


 

0 Kudos
14 Replies
PhoneBoy
Admin
Admin
‎2023-05-02 06:01 AM

Recommend a TAC case: https://help.checkpoint.com

0 Kudos
the_rock
Legend
Legend
‎2023-05-02 06:16 AM

I think there is an easy fox for this. Can you double click in radius auth entry and send screenshots of how its configured? I know there is sessing there that affects this behavior, seen ot before. Please blur out any sensitive data.

Andy

0 Kudos
Andy_Battle
Explorer
‎2023-05-02 06:30 PM
In response to the_rock

Here is the Radius Properties

Screen Shot 2023-05-03 at 9.28.01 am.pngScreen Shot 2023-05-03 at 9.27.45 am.png

0 Kudos
the_rock
Legend
Legend
‎2023-05-02 07:20 PM
In response to Andy_Battle

I was more interested in seeing whats under user directories, I think thats the key here.

0 Kudos
Andy_Battle
Explorer
‎2023-05-02 07:29 PM
In response to the_rock

no worries

Screen Shot 2023-05-03 at 10.28.56 am.png

0 Kudos
the_rock
Legend
Legend
‎2023-05-02 07:36 PM
In response to Andy_Battle

Thats your problem, that setting. Make sure manual is selected and proper ldap unit and internal users, if there are any.

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-05-04 03:57 AM
In response to Andy_Battle

Hey @Andy_Battle 

Did you manage to resolve the issue or is it ongoing?

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend
‎2023-05-04 06:17 AM
In response to Chris_Atkinson

Thanks for following up @Chris_Atkinson . I assumed no news is good news (as they say), but better to confirm :). @Andy_Battle , let us know the outcome mate.

Cheers,

Andy 

0 Kudos
michele
Explorer
‎2023-06-22 03:11 AM

Hi, I would also like to implement this solution as I would not like to go and install checkpoint client but use capsules (but increasing the security level=not just user and password).
Were you able to solve the problem?
Can you give me a tip on how to do it?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-06-22 10:10 AM
In response to michele

Only one authentication factor is supported in the Capsule VPN clients.
Support for additional factors is currently not planned and would need to be addressed as part of an RFE with your local Check Point office.

0 Kudos
michele
Explorer
‎2023-06-22 10:35 AM
In response to PhoneBoy

Okay, but as a single factor can I use an alternative to username and password? Certificate?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-06-22 10:53 AM
In response to michele

Yes, you can use a certificate.
That said, you may need to adjust your configuration to support this: https://support.checkpoint.com/results/sk/sk113401 

0 Kudos
michele
Explorer
‎2023-06-22 11:30 AM
In response to PhoneBoy

Do I have to use the checkpoint ca? Can I use mine on the cloud (scepman)?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-06-23 07:41 AM
In response to michele

As far as I know you can.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top