This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
chethan_m
Collaborator
3 weeks ago
Jump to solution

Issues with Remote Access VPN with SMS Multifactor Factor Authentication - Dynamic ID

Hi Everyone,

 

One of our customers recently updated their RAVPN Authentication settings. Now they want to enforce MFA with SMS for all the users.

The customer's SMS gateway provided have shared their API, but it doesn't seem to trigger an SMS.

 

I have checked the configuration against the resources and found everything to be in place:

  •  On SmartConsole, VPN client's authentication settings is updated not to allow older clients to connect. 2FA authentication with SMS is selected.
  • On SmartDashboard, the DynamicID is enabled too to mandatorily enforce DynamicID to log in.
  • The SMS Gateway provider settings (string) and credentials (username, password, and API Key) is updated accordingly.
  • The "$CPDIR/conf/dynamic_id_users_info.lst" file is updated with username and phone numbers.

 

The VPN client fetches the list of phone numbers configured and shows a prompt: "Please enter the number that matches your DynamicID Target", but no SMS is received. 

 

Should I check this with SMS Gateway provider? or there are any diagnosis commands to prove that the SMS request is triggered towards the SMS gateway? 

Attached the image for reference.

 

Thank you

Preview file
136 KB
0 Kudos
1 Solution

Accepted Solutions
chethan_m
Collaborator
Friday
In response to PhoneBoy
Jump to solution

After lot of discussions and TAC cases with the SMS Gateway provider we were able to resolve the issue. 

The issue was with the API string that they provided to us. We received the corrected variables/placeholders for the OTP and phone number.

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
3 weeks ago
Jump to solution

I believe the command that sends the SMS is: $CVPNDIR/bin/sendsms
It's a shell script, which I assume can be reviewed for possible debug points.

0 Kudos
chethan_m
Collaborator
Friday
In response to PhoneBoy
Jump to solution

After lot of discussions and TAC cases with the SMS Gateway provider we were able to resolve the issue. 

The issue was with the API string that they provided to us. We received the corrected variables/placeholders for the OTP and phone number.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events