Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Andy_Battle
Explorer

Capsule VPN and Multiple Authentication Methods errors

Gateway Version - R81.10
Management Version - R81.10

Using Capsule Client VPN on Windows 10  

Was using LDAP Authentication via Legacy Authentication (Defined on user record)
Have just enabled RADIUS based VPN with Microsoft Azure MFA using Multiple Authentication Client Settings.

Any client that has a newly defined profile is working fine

Any client where we delete and re-create profile is fine.

Any client that was previously deployed is erroring immediately 

"Cannot connect to VPN XXX"

"Arg_NullReferenceException"

Running latest capsule version (v1.1.18) and have reviewed  https://support.checkpoint.com/results/sk/sk177368

Screen Shot 2023-05-02 at 6.15.41 pm.pngScreen Shot 2023-05-02 at 6.16.37 pm.pngAny


 

0 Kudos
14 Replies
PhoneBoy
Admin
Admin

Recommend a TAC case: https://help.checkpoint.com

0 Kudos
the_rock
Legend
Legend

I think there is an easy fox for this. Can you double click in radius auth entry and send screenshots of how its configured? I know there is sessing there that affects this behavior, seen ot before. Please blur out any sensitive data.

Andy

0 Kudos
Andy_Battle
Explorer

Here is the Radius Properties

Screen Shot 2023-05-03 at 9.28.01 am.pngScreen Shot 2023-05-03 at 9.27.45 am.png

0 Kudos
the_rock
Legend
Legend

I was more interested in seeing whats under user directories, I think thats the key here.

0 Kudos
Andy_Battle
Explorer

no worries

Screen Shot 2023-05-03 at 10.28.56 am.png

0 Kudos
the_rock
Legend
Legend

Thats your problem, that setting. Make sure manual is selected and proper ldap unit and internal users, if there are any.

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Hey @Andy_Battle 

Did you manage to resolve the issue or is it ongoing?

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend

Thanks for following up @Chris_Atkinson . I assumed no news is good news (as they say), but better to confirm :). @Andy_Battle , let us know the outcome mate.

Cheers,

Andy 

0 Kudos
michele
Explorer

Hi, I would also like to implement this solution as I would not like to go and install checkpoint client but use capsules (but increasing the security level=not just user and password).
Were you able to solve the problem?
Can you give me a tip on how to do it?

0 Kudos
PhoneBoy
Admin
Admin

Only one authentication factor is supported in the Capsule VPN clients.
Support for additional factors is currently not planned and would need to be addressed as part of an RFE with your local Check Point office.

0 Kudos
michele
Explorer

Okay, but as a single factor can I use an alternative to username and password? Certificate?

0 Kudos
PhoneBoy
Admin
Admin

Yes, you can use a certificate.
That said, you may need to adjust your configuration to support this: https://support.checkpoint.com/results/sk/sk113401 

0 Kudos
michele
Explorer

Do I have to use the checkpoint ca? Can I use mine on the cloud (scepman)?

0 Kudos
PhoneBoy
Admin
Admin

As far as I know you can.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events