- CheckMates
- :
- Products
- :
- Quantum
- :
- Remote Access VPN
- :
- Capsule VPN and Multiple Authentication Methods er...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Capsule VPN and Multiple Authentication Methods errors
Gateway Version - R81.10
Management Version - R81.10
Using Capsule Client VPN on Windows 10
Was using LDAP Authentication via Legacy Authentication (Defined on user record)
Have just enabled RADIUS based VPN with Microsoft Azure MFA using Multiple Authentication Client Settings.
Any client that has a newly defined profile is working fine
Any client where we delete and re-create profile is fine.
Any client that was previously deployed is erroring immediately
"Cannot connect to VPN XXX"
"Arg_NullReferenceException"
Running latest capsule version (v1.1.18) and have reviewed https://support.checkpoint.com/results/sk/sk177368
Any
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Recommend a TAC case: https://help.checkpoint.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think there is an easy fox for this. Can you double click in radius auth entry and send screenshots of how its configured? I know there is sessing there that affects this behavior, seen ot before. Please blur out any sensitive data.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is the Radius Properties
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was more interested in seeing whats under user directories, I think thats the key here.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
no worries
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thats your problem, that setting. Make sure manual is selected and proper ldap unit and internal users, if there are any.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for following up @Chris_Atkinson . I assumed no news is good news (as they say), but better to confirm :). @Andy_Battle , let us know the outcome mate.
Cheers,
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I would also like to implement this solution as I would not like to go and install checkpoint client but use capsules (but increasing the security level=not just user and password).
Were you able to solve the problem?
Can you give me a tip on how to do it?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Only one authentication factor is supported in the Capsule VPN clients.
Support for additional factors is currently not planned and would need to be addressed as part of an RFE with your local Check Point office.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay, but as a single factor can I use an alternative to username and password? Certificate?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, you can use a certificate.
That said, you may need to adjust your configuration to support this: https://support.checkpoint.com/results/sk/sk113401
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do I have to use the checkpoint ca? Can I use mine on the cloud (scepman)?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As far as I know you can.
