This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sam2
Contributor
‎2024-08-26 10:42 AM
Jump to solution

SAML Authentication on VPN reauthentication timeout

I have SAML up and running through AzureAD on my VPN gateways, 

For testing purposes i have my AzureAD CA policy set to expire me after 6 hours, my vpn is set to reauthenticate every 12.

Whenever the vpn needs to reauthenticate, it will repeatedly send authentication requests to my phone until i accept the connection.

The result of this is if i leave my pc on and leave my house, every 2 minutes i will get an auth request until i get home and either connect to the VPN again or disconnect entirely. 

Has anyone had this issue? is there anyway to force a timeout after no response on authenticator? 

0 Kudos
1 Solution

Accepted Solutions
George_Casper
Collaborator
‎2024-08-26 04:47 PM
Jump to solution

We have a similar setup.  At the end of the 12 hour period I get just 2 push notifications to the phone during a 5 minute window to reauthenticate but not repeatedly beyond that.   Can't remember where we set it but I think the 5 minute reauth window is out of the box default on the Checkpoint end regardless of login method.

Update, reauth window (default 5 minutes) may be able to changed in the gateway's reauth_grace_period or client trac.default, reference link: 

https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN...

View solution in original post

0 Kudos
3 Replies
the_rock
Legend
Legend
‎2024-08-26 12:27 PM
Jump to solution

100% I can remember there is setting in Azure portal for this, I just cant recall which one. Let me see if I can find it through my notes and send it over.

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-08-26 12:28 PM
Jump to solution

See if anything from this link helps, if not, I will keep checking.

Andy

https://learn.microsoft.com/en-us/azure/azure-portal/set-preferences

0 Kudos
George_Casper
Collaborator
‎2024-08-26 04:47 PM
Jump to solution

We have a similar setup.  At the end of the 12 hour period I get just 2 push notifications to the phone during a 5 minute window to reauthenticate but not repeatedly beyond that.   Can't remember where we set it but I think the 5 minute reauth window is out of the box default on the Checkpoint end regardless of login method.

Update, reauth window (default 5 minutes) may be able to changed in the gateway's reauth_grace_period or client trac.default, reference link: 

https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events