BALAJIRAJAH_PB
Participant

SAML authentication for Remote access VPN- JHF Take 114

Dear All,

Very recently Check Point released the Ongoing take Jumbo HF Take_114 to support SAML authentication for Remote Access VPN.

Questions:

1. Does CheckPoint R80.40 w/ JHF 114 duly support SAML authentication for Remote Access VPN?

2. Has anyone started using this in a production environment by running the Ongoing take instead of GA?

3. Are there any open caveats?

4. Are CheckPoint VPN client versions available for both Windows and Mac OS?

In the end, we were looking forward to running CheckPoint R80.40 to authenticate Mobile Access + Remote Access VPN using SAML (Azure IdP) without any dependencies on internal AD or local authentication.

Any feedback or comments will be really appreciated.

15 Replies
Royi_Priov
Employee

Hi @BALAJIRAJAH_PB ,

  1. Yes, we do support SAML integration for RA VPN clients.
  2. This feature was delivered to some customers (on production environments) as a customer release before being delivered to the JHF.
  3. The feature passed both customer production coverage and QA tests.
  4. Yes.

If you have any additional questions, please tag me 🙂

 

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
BALAJIRAJAH_PB
Participant

Thanks @Royi_Priov for your response. I will proceed with the installation of JHF Take 114 and post the outcome.

0 Kudos
BALAJIRAJAH_PB
Participant

For Remote Access VPN, IdP authentication with Azure is not working. The Endpoint VPN client triggers the embedded Azure MFA authentication, but it results in an HTTP 500 error. Any insight?

 

0 Kudos
Royi_Priov
Employee

Hi @BALAJIRAJAH_PB ,

I'm sorry to understand this feature is not working for you out of the box.

Error 500 can be caused by a few reasons - we first need to understand if it happens before or after the redirection to the IdP, to give us a lead on the area of the problem.

The best suggestion at this stage is to open a new ticket with our support and attach the logs from "/opt/CPVPNPortal/logs".

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos
BALAJIRAJAH_PB
Participant

Hi @Royi_Priov, I already created a case with CheckPoint support. I started my troubleshooting session on 25th May 2021. Still no improvement until now.

0 Kudos
BALAJIRAJAH_PB
Participant

Using a single Azure domain, the Check Point gateway supports IdP SAML 2.0 authentication either for Mobile Access or Remote Access.

Not both at the same time. Looking for a hotfix.

0 Kudos
Elad_Shoval
Employee

Hi @BALAJIRAJAH_PB ,

Thank you for your feedback.

We are familiar with your ticket and we will handle it soon.

We will also remove this limitation in the next Jumbo HF.

 

Thanks,

Elad Shoval

Team leader,  Identity Awareness R&D

0 Kudos
BALAJIRAJAH_PB
Participant

@Elad_Shoval, many thanks for your swift response. May I know the ETA for the next ongoing take?

0 Kudos
Elad_Shoval
Employee

Hi @BALAJIRAJAH_PB ,

The current ETA is beginning of July.

 

Thanks,

Elad Shoval

Team leader,  Identity Awareness R&D

0 Kudos
BALAJIRAJAH_PB
Participant

Dear @Elad_Shoval, any update regarding this JHF?

0 Kudos
Elad_Shoval
Employee

Hi @BALAJIRAJAH_PB ,

The current ETA is still at beginning of July.

 

Thanks,

Elad Shoval

Team leader,  Identity Awareness R&D

0 Kudos
BALAJIRAJAH_PB
Participant

 

Hi All, 

CheckPoint released Jumbo HF Take_119 on 4th July, which supports one single IdP to authenticate for Mobile Access and Endpoint VPN. I tried it and it's not working. Any inputs will be really appreciated.

0 Kudos
Elad_Shoval
Employee

Hi @BALAJIRAJAH_PB ,

 

Sorry for the misunderstanding. In Take 119, we added the ability to authenticate for Mobile Access and Endpoint VPN at the same time with the same Microsoft Azure AD directory. However, each blade on each gateway requires its own Identity Provider object in SmartConsole.

 

Thanks,

Elad Shoval

Team leader,  Identity Awareness R&D

0 Kudos
sachintekane
Explorer

Hi @Elad_Shoval - I'm also facing a similar issue where Mobile Access user authentication is failing using SAML auth. My standalone Security Gateway (deployed in Azure IaaS) is running version R8.10 with the Mobile Access + IPsec VPN blades enabled, and it is managed by MDS (R81 with T81). Kindly refer to the attached error.

0 Kudos
Nir_Shamir
Employee

Do we support this feature in R81?

If so, is it supported in Smart-1 Cloud?

0 Kudos
