This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MarcuzShinz
Contributor
Contributor
Friday

MFA VPN screen does not appear on Logon screen

Dear Guy!

Currently, we are facing an issue with remote access VPN connectivity on Check Point, specifically:

  1. We are deploying Check Point VPN with MFA via Azure. When we log in to Windows and initiate the VPN connection, an MFA popup appears for authentication, and the connection is successfully established.

  2. The issue we are encountering is that when we attempt to connect to the VPN from the Windows logon screen, the MFA popup does not appear, causing the VPN connection to fail.

=> Is there a way to configure the system to display the MFA popup outside the Windows logon screen?

 

Preview file
542 KB
Preview file
1447 KB
Preview file
1502 KB
Preview file
1538 KB
0 Kudos
1 Reply
PhoneBoy
Admin
Admin
Friday

The ability to prompt for VPN connection before Windows login is a feature we call SDL (Secure Domain Logon).
Because there is no user at the Windows login screen and a browser is needed to perform the authentication, the browser runs with the only permissions it has: SYSTEM.
That's potentially dangerous and thus why we do not support SDL with SAML authentication.

Having said that, we've come up with a different authentication flow for this use case that is more secure.
Specifically, instead of authenticating on the local browser, a QR code is displayed which you can use to complete the authentication flow from a different device.
However, it is currently only available as a customer release tied to a specific version/JHF level and VPN client release.
Contact your local Check Point office for additional information.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events