Integration with Azure AD for remote access VPN
Dear all,
We would like to integrate our Check Point cluster with Azure AD.
At the moment, our client-based remote access VPN users are authenticated via on-premise AD. The client version is E86.50. We would like to add O365 MFA for the VPN users. For this reason we have to integrate our Check Point cluster (6400 appliances, R81.10) with Azure AD in order to authenticate remote users. I read about a similar case in the community, but our on-premise AD and Azure AD are not synchronized (we have different domains). Also, the SAML authentication solution is not suitable for us.
Is there any way to implement this scenario?
Thank you in advance for your answers.
Ioannis
If you do not want to do SAML, the only other option is to integrate with RADIUS.
That means setting up a Network Policy Server: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/auth-radius
It also means entering your fixed password plus your MFA number in the same password field.
The SAML approach is much more user friendly.
Hello,
Thank you for the reply. My concern about the NPS scenario is the use of different domains in the local and Azure AD environments. Do you think it can still work?
Theoretically, you can set both up as authentication methods and use the Multiple Authentication Schemes.
See: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_MobileAccess_AdminGuide/Cont...
How this will work in practice is a separate question.
I will try that and come back with feedback. Thanks
I had a customer try that with different domains a couple of years ago, and we must have spent 10+ hours with TAC and MS support on it, without success. I want to be positive and tell you it would work, but I'm also being brutally honest when I say it's highly unlikely it will work. Just my feedback about it.
Appreciate your answer. My first thought was to integrate Azure AD with the CP cluster and then have users authenticate (through the VPN client) with O365 credentials, but I am not sure it works.
I remember that a month ago, putting users/groups fetched from an Azure AD object didn't work. Is this fixed now?
thank you
