This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Konstantinos_In
Contributor
‎2018-11-13 08:45 AM

Pros and Cons of different 2fa methods for Remote Access VPN

Hello

I need your feedback about the below thread.

Pros and Cons of different 2fa methods for Remote Access VPN for R80.20.

Option1

User Certificate+Domain username password with SNX

Option2

Domain username password + DynamicID (E-mail method) or SecureID with Remote Access VPN client

BR,
Kostas

5 Replies
G_W_Albrecht
Legend Legend
Legend
‎2018-11-14 01:00 AM

Where is the thread below you want feedback to ? Besides, SNX and RA VPN client are two very different RA solutions, see for differences sk67820: Check Point Remote Access Solutions !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Konstantinos_In
Contributor
‎2018-11-15 12:08 AM
In response to G_W_Albrecht

Hello

It would be interesting to compare 2FA between SNX and Remote Access VPN with client.

BR,

Kostas

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-11-15 03:34 AM
In response to Konstantinos_In

It would be more interesting to compare the customers needs to SNX and RA VPN capabilities, as 2FA is supported by both...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Konstantinos_In
Contributor
‎2018-11-22 11:46 AM
In response to G_W_Albrecht

Hello Gunther

The needs are

1)only corporate laptop joined on the domain must be able to connect

2)most secure multifactor combination

3)less user disruption

4)end users are not administrators on their laptops

5)network vpn access must be the same when laptops are connected on the internal Network 

Thank you 

Kostas

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2018-11-22 02:23 PM
In response to Konstantinos_In

RA VPN client with Check Point VPN client certificate and AD account/PW (with cache) is a sure thing to work properly, this will also work when you need to use secondary connect.

Tokens as 2fa will never work with secondary connect as there is nothing to be able to cache and you will get a challenge for each other GW the secondary connect tries to contact. We had a case were there were multiple AD servers scattered throughout the network and the client was connecting to all 8 of them, asking the user 8 times for a challenge...

Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events