This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
anishtholath
Explorer
‎2021-06-23 04:04 AM

Remote access using Active Directory with Radius/Duo authentication

Hi,

I would like to know how we can enable remote access VPNs for all the users configured on our AD server. The users should be able to authenticate using the Duo/Radius server we have already in place.

Current setup as below: -

1. Create the User on smartconsole and configure authentication as Duo

2. Create Duo accounts

3. User login to their endpoint security client using AD credentials, receives a Duo push and authneticate themselves and connect the VPN

 

We want it to change so that the VPN user creation on the smartconsole is not required. Every new user in the AD should have the remote access VPN with duo authentication enabled.

 

Anish

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2021-06-25 02:50 PM

What you need to create is an External User Profile.
Which isn't obvious because SmartConsole does not have this option.
It needs to be done with the legacy SmartDashboard client as described here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
anishtholath
Explorer
‎2021-07-08 07:45 AM
In response to PhoneBoy

Hi ,

Is there a detailed documentation on how to do this? What am i supposed to do with the external user profile?

0 Kudos
the_rock
Legend
Legend
‎2021-06-25 06:31 PM

Pretty simple. All you have to do is make sure that under gateway properties, vpn office mode, authentication -> and then under settings there, choose radius and select radius server you configured. As long as your radius communicates fine with the gateway, thats all you really need. Now, there is a document for radius auth with vpn clients (attached here). Phoneboy is correct as far as external user profile, but I can tell you that I never had to do that myself for Radius auth and worked fine every time. Message me privately if you wish and happy to do remote session to show you.

Preview file
1314 KB
0 Kudos
anishtholath
Explorer
‎2021-07-08 07:46 AM
In response to the_rock

Hi, we already have radius configured which we are using to authenticate the vpn clients. what i want is to remove the necessity of creating the users on the firewall and instead let all the AD users connect using vpn clients and authenticate using duo/radius.

0 Kudos
Institut_fuer_R
Participant
‎2021-07-08 07:51 AM
In response to anishtholath

Did you set duo up to have your AD users in correctly?

 

https://duo.com/docs/checkpoint

 

Because what you are describing is how it just usually works, if you follow that explication.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events