This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bcmario
Explorer
‎2025-06-23 03:03 AM

Checkpoint VPN MFA

Checkpoint VPN 2 factor authentication has been setup successfully, but now there is a requirement where the MFA (multi factor authentication) needs to be enforced on certain users and NOT all users.

Ex : - If there are 10 users, 8 of them will be enforced with MFA and the other 2 will not be enforced with MFA.

Is this possible?

0 Kudos
8 Replies
the_rock
Legend
Legend
‎2025-06-23 03:11 AM

From what Im aware of, its not possible. I asked this exact question while via TAC case and they responded saying escalation team told them it was not feasible. This was back in 2023, but I have not heard otherwise since.

The only way I can see this working would be if you create local users in smart console and assign them specific auth method.

Maybe someone else can confirm.

Andy

0 Kudos
bcmario
Explorer
‎2025-06-24 08:30 PM
In response to the_rock

@PhoneBoy any idea whether this is still not possible or is there a workaround this now?

0 Kudos
PhoneBoy
Admin
Admin
‎2025-06-25 01:58 PM
In response to bcmario

As far as I know the situation with this has not changed.
Recommend engaging your local Check Point office on this requirement.

0 Kudos
Ruan_Kotze
Advisor
‎2025-06-24 10:48 PM

Not sure if this classifies as a workaround but we managed to accomplish this. The catch is we're doing it through MS Authenticator via Entra Conditional Access Policies.

0 Kudos
the_rock
Legend
Legend
‎2025-06-25 03:13 AM
In response to Ruan_Kotze

How did you set up auth methods in smart console gateway object?

Andy

0 Kudos
garrod
Contributor
‎2025-06-24 10:57 PM

Hi,

I believe this depends on how you setup the MFA as what I understand as well, make sure to untick legacy authentication method. Let me know if it works

 

0 Kudos
Gaurav_Pandya
Advisor
‎2025-06-25 04:35 AM

Hi,

It depends on how you configure IDP. For example, Microsoft azure AD is your IDP then you can enforce 2FA setting in Azure AD. Firewall just forward request to azure AD and it will decide whether to enforce 2FA or not.

0 Kudos
the_rock
Legend
Legend
‎2025-06-25 04:46 AM
In response to Gaurav_Pandya

Right, but thats generally how it works, not to exclude few users though.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events