This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
lullejd
Contributor
‎2018-09-18 07:24 AM

Remote Access VPN with DynamicID

Hello,

I have a question on using DynamicID is the 2 factor authentication method to authenticate remote access vpn users.

All of CheckPoint's documentation is on the MobileAccess Blade when using DynamicID.

Basically, what we want to achieve is that a user can log in from his SecureClient VPN, using AD username and password, then he receives an SMS with OTP and can log in to VPN.

The thing is here. When setting up this on Checkpoint, We are not getting the prompt to enter the OTP password.  Under 'Multiple Client Authentication Settings' in Gateway > VPN Clients > Authentication, we created a new authentication method which comprises of <Username and Password> followed by DynamicID.

Anyone else maybe using this scenario in his setup? Mobile access blade is not enabled in our case.

Thanks in advance.

Senior Information Security Engineer
4 Replies
PhoneBoy
Admin
Admin
‎2018-09-19 08:53 PM

Requires R80.10 and E80.85+ clients.

See: Mobile Access and VPN clients supporting Multiple Login Options 

Dor_Marcovitch
Advisor
‎2019-01-16 11:52 PM
In response to PhoneBoy

hey,

will it also support authentication with certificate & SMS ? 

thanks

0 Kudos
lullejd
Contributor
‎2019-01-17 12:09 AM
In response to Dor_Marcovitch

According to this SK: Multiple Authentication Schemes for Mobile Access / Remote Access 

It is not supported.

Senior Information Security Engineer
Superpinky12
Explorer
‎2020-05-28 05:52 PM
In response to lullejd

Hi. I configured Dynamic Id trough mail. Mobile Access trough portal i receive mail with code. But when connect from Endpoint security cantor receive mail. The conf is the same for both.

0 Kudos