Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jeff_Baumann
Explorer

DynamicID broke after updating from R80.20 to R80.40

Hello - I have been struggling for 2 weeks trying to get a answer and solution from TAC.  I have worked with 4 or 5 Engineers and apparently the DynamicID workings in R80.40 is a well kept secret.

 

So I am reaching out to the Community for any suggestions.  Below is the DynamicID coding that have been using for years in R80.20 and earlier.

mail:TO=$EMAIL;SMTPSERVER=xxx.xxx.xxx.xxx;FROM=FW1@xxxxxx.net;BODY=$RAWMESSAGE

Pretty simple syntax above, but running this code in R80.40 does not work at all.

Checkpoint states to use the code below when delivering by email without a SMS provider.

To let the DynamicID code to be delivered by email only, without an SMS service provider, use the following syntax:

mail:TO=$EMAIL;SMTPSERVER=smtp.example.com;FROM=sslvpn@example.com;BODY=$RAWMESSAGE

 

We then link to the phonebook using the dynamic_id_users_info.lst with has the username xxxxxxxxxx@vtext.com

(The x's being the users cellular phone number)

Using this setup in R80.40 will result in a failure when using the Mobile VPN client.  It states that the UserName Password cannot be found and we do not receive the 2FA prompt for the DynamicID Pin.

Has anyone else had this issue after upgrading to R80.40?  Since TAC has not been able to assist, I have been forced to implement Duo 2FA for many of my users and this works flawlessly but I still want to use SMS as a backup or get away from having to pay $3 per month per user with Duo.

Any suggestions will be appreciated.

Thanks - Jeff

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

Can you PM me the TAC SR?
As far as I know, the syntax should not have changed between versions.
That suggests this is a bug that we need to investigate. 

0 Kudos