This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
nflnetwork29
Advisor
‎2022-05-18 11:52 AM

Connecting to Remote access vpn , not getting prompted fore 2Fa

hello i have configured remote access vpn to work with azure active directory. 

when i connect my endpoint client i can successfully login but im Not getting any 2Fa prompting. 

does anyone know where i can look to verify my settings for this?

would this be something on the azure portal side?.

any suggestions?

 

thanks, 

Labels
0 Kudos
9 Replies
nflnetwork29
Advisor
‎2022-05-18 02:30 PM

we also just noticed during some initial testing that any subsequent vpn login attempt do not even ask for credentials of any sort? i have no idea how the endpoint client is even connecting . something must be cached somewhere? it is now connecting without any credential input request. 

0 Kudos
(1)
the_rock
Champion
Champion
‎2022-05-18 06:24 PM
In response to nflnetwork29

If its on CP side, then its on gateway properties, vpn -> authentication

Andy

0 Kudos
nflnetwork29
Advisor
‎2022-05-18 07:42 PM
In response to the_rock

i belive this to be azure issue there is a property that gets set on the client workstation . 

 

it can be verified by running dsregcmd /status op the workstation

 

under the single sign on section there is the following property

AzureAdPrt : YES

If this property is set to yes it will essentially bypass the conditional access policy / request for MFA. 

 

my workstaion


+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+

AzureAdPrt : YES
AzureAdPrtUpdateTime : 2022-05-18 20:56:09.000 UTC
AzureAdPrtExpiryTime : 2022-06-02 00:59:03.000 UTC
AzureAdPrtAuthority : https://login.microsoftonline.com/4e3b121b-1d6b-491c-873e-95e5f3eec8e0
EnterprisePrt : NO
EnterprisePrtAuthority :
OnPremTgt : NO
CloudTgt : YES
KerbTopLevelNames : .windows.net,.windows.net:1433,.windows.net:3342

 

 

0 Kudos
nflnetwork29
Advisor
‎2022-05-19 06:26 AM
In response to nflnetwork29

some images of the login process . (attached) 

as you can see i never get prompted for MFA  or credentials. 

 

 

 

 

Preview file
95 KB
Preview file
45 KB
Preview file
54 KB
0 Kudos
the_rock
Champion
Champion
‎2022-05-19 06:39 AM
In response to nflnetwork29

What identity provider are you using? I tested this before with a colleague and worked fine. I still have it in my lab I believe.

0 Kudos
nflnetwork29
Advisor
‎2022-05-19 06:41 AM
In response to the_rock

Azure

0 Kudos
the_rock
Champion
Champion
‎2022-05-19 06:43 AM
In response to nflnetwork29

We were using another one (cant think of a name now), but never had this problem. Are there some settings in Azure portal that might be missing? I find it odd that you dont even get a prompt, I got a feeling there is something simple being omitted here.

0 Kudos
nflnetwork29
Advisor
‎2022-05-19 06:45 AM
In response to the_rock

will check with Microsoft support .will report back what i find out . 

 

the_rock
Champion
Champion
‎2022-05-19 06:46 AM
In response to nflnetwork29

Please do, because more and more people use cloud stuff now days, so any solution shared is big help.

 

Cheers.

0 Kudos