Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Andy_Battle
Explorer

Capsule VPN and Multiple Authentication Methods errors

Gateway Version - R81.10
Management Version - R81.10

Using Capsule Client VPN on Windows 10  

Was using LDAP Authentication via Legacy Authentication (Defined on user record)
Have just enabled RADIUS based VPN with Microsoft Azure MFA using Multiple Authentication Client Settings.

Any client that has a newly defined profile is working fine

Any client where we delete and re-create profile is fine.

Any client that was previously deployed is erroring immediately 

"Cannot connect to VPN XXX"

"Arg_NullReferenceException"

Running latest capsule version (v1.1.18) and have reviewed  https://support.checkpoint.com/results/sk/sk177368

Screen Shot 2023-05-02 at 6.15.41 pm.pngScreen Shot 2023-05-02 at 6.16.37 pm.pngAny


 

14 Replies
PhoneBoy
Admin
Admin

Recommend a TAC case: https://help.checkpoint.com

the_rock
Legend
Legend

I think there is an easy fox for this. Can you double click in radius auth entry and send screenshots of how its configured? I know there is sessing there that affects this behavior, seen ot before. Please blur out any sensitive data.

Andy

Andy_Battle
Explorer

Here is the Radius Properties

Screen Shot 2023-05-03 at 9.28.01 am.pngScreen Shot 2023-05-03 at 9.27.45 am.png

the_rock
Legend
Legend

I was more interested in seeing whats under user directories, I think thats the key here.

Andy_Battle
Explorer

no worries

Screen Shot 2023-05-03 at 10.28.56 am.png

the_rock
Legend
Legend

Thats your problem, that setting. Make sure manual is selected and proper ldap unit and internal users, if there are any.

Andy

Chris_Atkinson
Employee Employee
Employee

Hey @Andy_Battle 

Did you manage to resolve the issue or is it ongoing?

CCSM R77/R80/ELITE
the_rock
Legend
Legend

Thanks for following up @Chris_Atkinson . I assumed no news is good news (as they say), but better to confirm :). @Andy_Battle , let us know the outcome mate.

Cheers,

Andy 

michele
Explorer

Hi, I would also like to implement this solution as I would not like to go and install checkpoint client but use capsules (but increasing the security level=not just user and password).
Were you able to solve the problem?
Can you give me a tip on how to do it?

PhoneBoy
Admin
Admin

Only one authentication factor is supported in the Capsule VPN clients.
Support for additional factors is currently not planned and would need to be addressed as part of an RFE with your local Check Point office.

michele
Explorer

Okay, but as a single factor can I use an alternative to username and password? Certificate?

PhoneBoy
Admin
Admin

Yes, you can use a certificate.
That said, you may need to adjust your configuration to support this: https://support.checkpoint.com/results/sk/sk113401 

michele
Explorer

Do I have to use the checkpoint ca? Can I use mine on the cloud (scepman)?

PhoneBoy
Admin
Admin

As far as I know you can.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events