RA VPN authentication with and without MFA ( with ... - Check Point CheckMates

R81.20 Single Click VPN
Join The DeepDive Webinar!

Register Now!

What's New In Harmony Endpoint?
Join the TechTalk on Oct 18th!

REGISTER NOW

AI With Check Point -
Security and Strategy

WATCH NOW

Infinity Global Services
Building Cyber Resilience

Learn More!

CheckMates Go:
A Step in the Wrong Direction

LISTEN NOW

YOU DESERVE THE BEST SECURITY
Stay Up To Date

UPGRADE NOW!

Hello,

I have a customer (currently on R81 HFA44) who would like to fully realize the following scenario for the connection of his users via Harmony Endpoint (currently on E86.10):

1. RADIUS auth with MFA for users in a specific AD group (i.e. VPN_WITH MFA), WITHOUT password change from the CP Harmony Endpoint (they do it from the Azure portal)

2. users in this specific group (VPN_WITH_MFA) must NOT be able to change the authentication to LDAP in the CP Harmony Endpoint local configuration

3. LDAP auth for users in a different AD groups (i.e. VPN_USERS) but WITH change password from the CP Harmony Endpoint.

All the configuration and devices are on premise, except the users of the VPN_WITH_MFA who are on Azure and using Microsoft Authenticator through Radius.

Actually, points 1 & 3 are working, but users in the VPN_WITH_MFA group are able to bypass the MFA authentication by simply selecting the login via Username&Password in their Harmony Endpoint client.

In fact, the actual configuration is the following:

Is there a way to allow the 1 & 2 & 3 configuration at the same time?

Thank you,

Luca

0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

User

Count

20

2

2

2

1

1

1

1

1

1

Upcoming Events

Sort by:

Thu 05 Oct 2023 @ 09:30 AM (IDT)

Simplifying & securing your hybrid WAN with Azure Virtual WAN & Check Point

Virtual

Thu 05 Oct 2023 @ 10:00 AM (CEST)

CheckMates Live BeLux: Check Point and the future of SASE

Virtual

Thu 05 Oct 2023 @ 11:00 AM (EDT)

Tips and Tricks 2023 #15: Linux Integration with Harmony Endpoint

Virtual

Thu 05 Oct 2023 @ 11:00 AM (PDT)

West US: Performance Optimization Introduction

Virtual

Tue 10 Oct 2023 @ 11:00 AM (CDT)

Central US: Network Security Troubleshooting Part 2: Traffic Filtering

Virtual

Wed 11 Oct 2023 @ 06:00 PM (IDT)

Take Your Data Security Posture Management to the Next Level with CNAPP

Virtual

Thu 05 Oct 2023 @ 10:00 AM (CEST)

CheckMates Live BeLux: Check Point and the future of SASE

Virtual

Thu 05 Oct 2023 @ 11:00 AM (EDT)

Tips and Tricks 2023 #15: Linux Integration with Harmony Endpoint

Virtual

Thu 05 Oct 2023 @ 11:00 AM (PDT)

West US: Performance Optimization Introduction

Virtual

Tue 10 Oct 2023 @ 11:00 AM (CDT)

Central US: Network Security Troubleshooting Part 2: Traffic Filtering

Virtual

Wed 11 Oct 2023 @ 06:00 PM (IDT)

Take Your Data Security Posture Management to the Next Level with CNAPP

Virtual

Thu 12 Oct 2023 @ 10:00 AM (CEST)

Unlock the Future of Cybersecurity Services with Infinity Global Services - EMEA & APAC

In-Person

Wed 08 Nov 2023 @ 10:00 AM (CET)

CheckMates Live Vienna - Troubleshooting Workshop

In-Person

Tue 21 Nov 2023 @ 10:00 AM (CET)

CheckMates Live Lubljana - Performance Optimization Workshop

In-Person

Wed 22 Nov 2023 @ 10:00 AM (CET)

CheckMates Live Zagreb - Performance Optimization Workshop

In-Person

Thu 23 Nov 2023 @ 10:00 AM (CET)

CheckMates Live Belgrade - Performance Optimization Workshop

CheckMates Events