PhoneBoy
Admin

SAML Support for Remote Access VPN

This question has come up a lot on the community.
We now have a formally supported solution that allows integration with ADFS and other SAML-based authentication.
This requires:

  • R80.40 JHF 114 or above
  • Future R81 JHF
  • Specific VPN client (E84.70 on Windows, currently a specific build for macOS)

You can see the details here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

See also this video by @Peter_Elmer 

5 Replies
JustTesting
Participant

This is great news! I've been looking for a way to use Azure MFA, but the Windows NPS RADIUS had some caveats where each additional tunnel with secondary connect re-prompted for MFA.

I am curious how this will behave with secondary connect in my environment, where I have SMB firewalls that won't support the new SAML authentication method. The video says at the 5:20 mark that the identity awareness session can be shared with other gateways post-authentication, but does that apply to authentication itself?

0 Kudos
PhoneBoy
Admin

That’s a good question.
@AndreiR do you know?

0 Kudos
AndreiR
Employee

@PhoneBoy I don't know for sure. Better to check with the gateway team.

0 Kudos
PhoneBoy
Admin

We checked this and confirmed that this will only work where the gateway has exactly the same authentication factor/factors as the realm on the primary gateway.
This is by design. 

0 Kudos
JustTesting
Participant

Understood, thank you for looking into it!

0 Kudos