Sam2
Contributor

SAML Authentication on VPN reauthentication timeout

I have SAML up and running through AzureAD on my VPN gateways.

For testing purposes I have my AzureAD CA policy set to expire me after 6 hours; my VPN is set to reauthenticate every 12.

Whenever the VPN needs to reauthenticate, it will repeatedly send authentication requests to my phone until I accept the connection.

The result of this is that if I leave my PC on and leave my house, every 2 minutes I will get an auth request until I get home and either connect to the VPN again or disconnect entirely.

Has anyone had this issue? Is there any way to force a timeout after no response on authenticator?


Accepted Solutions
George_Casper
Collaborator

We have a similar setup. At the end of the 12 hour period I get just 2 push notifications to the phone during a 5 minute window to reauthenticate, but not repeatedly beyond that. Can't remember where we set it, but I think the 5 minute reauth window is the out-of-the-box default on the Check Point end regardless of login method.

Update: the reauth window (default 5 minutes) may be able to be changed in the gateway's reauth_grace_period or client trac.default, reference link:

https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN...

3 Replies
the_rock
Legend

100% I can remember there is a setting in Azure portal for this, I just can't recall which one. Let me see if I can find it through my notes and send it over.

Andy

the_rock
Legend

See if anything from this link helps, if not, I will keep checking.

Andy

https://learn.microsoft.com/en-us/azure/azure-portal/set-preferences
