This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AS2021
Contributor
‎2024-04-19 11:32 AM
Jump to solution

Endpoint Security VPN | Comparing VPN Authentication Slowness: 1470 vs 1570 Models

Hi folks,

Why does setting up MFA on Appliance 1570/1590 result in a 25-second delay before the MFA page appears after entering the username/password, whereas on model 1470/1490, it only takes 5 seconds? Both appliances utilize the same RADIUS server. What could explain this discrepancy, and what troubleshooting steps could be undertaken to address it?

0 Kudos
1 Solution

Accepted Solutions
AS2021
Contributor
‎2024-04-29 06:32 AM
In response to AS2021
Jump to solution

Hi again,

We were able to find a solution to our problem. We discovered that there were two different behaviors from Model 1470 with Version 77.20 and the embedded version of R81.10 on model 1570. Although the setup was identical on both models, the delay on authentication was caused by model 1570 checking authentication with LDAP first.

To resolve this issue, we ensured that the firewall never asked for LDAP and went directly on radius by selecting a single LDAP AU in the 'User Directory' and then setting the priority to 1001. This ensured that the firewall did not use that server, which resolved our issue. As a result of this solution, we are now able to connect to VPN almost instantly. sk174664

View solution in original post

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2024-04-19 11:57 AM
Jump to solution

What version(s) of firmware are involved here?

0 Kudos
AS2021
Contributor
‎2024-04-19 12:17 PM
In response to PhoneBoy
Jump to solution

1570/1590 : R81.10 Slow

1470/1490 : R77.20 Normal

Both use the same radius server.

MS - MFA authentication.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-04-19 03:12 PM
In response to AS2021
Jump to solution

Which R81.10?
Which R77.20?
Both have a dot number after the version.
Are the SMBs managed through a Smart-1 (Cloud or on-prem) or via local interface/Infinity Portal?
Also, which versions of the VPN client are used?
Did you take packet captures while the user authenticates to see if the traffic looks different between the two?

I suggest engaging the TAC here as this is the first time I've seen such an issue reported.
https://help.checkpoint.com 

0 Kudos
AS2021
Contributor
‎2024-04-22 06:01 AM
In response to PhoneBoy
Jump to solution

Hi again,

Thank you for checking in.

I have created a case with TAC to investigate this issue. It's a stange case, so we need to capture the traffic to identify any unusual behavior.

The firewall version is R81.10.10 (1570), while the endpoint client is E88.20 on Windows. The SMBs are managed on-premises via S2S VPN, and the RADIUS server is also behind the VPN.

 

I will update you as soon as we find something.

 

0 Kudos
AS2021
Contributor
‎2024-04-29 06:32 AM
In response to AS2021
Jump to solution

Hi again,

We were able to find a solution to our problem. We discovered that there were two different behaviors from Model 1470 with Version 77.20 and the embedded version of R81.10 on model 1570. Although the setup was identical on both models, the delay on authentication was caused by model 1570 checking authentication with LDAP first.

To resolve this issue, we ensured that the firewall never asked for LDAP and went directly on radius by selecting a single LDAP AU in the 'User Directory' and then setting the priority to 1001. This ensured that the firewall did not use that server, which resolved our issue. As a result of this solution, we are now able to connect to VPN almost instantly. sk174664

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events