This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
BALAJIRAJAH_PB
Participant
‎2021-05-03 07:39 AM

SAML authentication for Remote access VPN- JHF Take 114

Dear All,

Very recently Checkpoint release Ongoing take Jumbo HF Take_114 to support SAML authentication for Remote access VPN.

Question:-

1. CheckPoint R80.40 /w JHF 114 duly support SAML authentication for Remote access VPN. 

2. Does anyone started using this in production environment by running the Ongoing take instead of GA?

3. Are there any open caveat?

4. CheckPoint VPN client version are available for both Windows and Mac OS?

 

In the end, we were looking forward to run CheckPoint R80.40 to authenticate Mobile Access + Remote access VPN using SAML (Azure IdP) without any dependencies with internal AD or local authentication. 

Any feedback or comments will be really appreciated.......

15 Replies
Royi_Priov
Employee
Employee
‎2021-05-03 12:23 PM

Hi @BALAJIRAJAH_PB ,

  1. Yes, we do support SAML integration for RA VPN clients.
  2. This feature was delivered to some customers (on production environments) as customer release before delivered to the JHF. 
  3. The feature passed both customer production coverage and QA tests.
  4. Yes.

If you have any additional questions, please tag me 🙂

 

Thanks,
Royi Priov
R&D Group manager, Infinity Identity
BALAJIRAJAH_PB
Participant
‎2021-05-03 06:28 PM
In response to Royi_Priov

Thanks @Royi_Priov  for your response. I will proceed with the installation of JHF Take 114 and post you the outcome.

0 Kudos
BALAJIRAJAH_PB
Participant
‎2021-06-01 12:50 PM
In response to BALAJIRAJAH_PB

For remote access VPN, IdP authentication with Azure is not working. EndPoint VPN client triggers the embedded Azure MFA authentication but results in HTTP 500 error. Any insight? 

 

0 Kudos
Royi_Priov
Employee
Employee
‎2021-06-02 12:26 AM
In response to BALAJIRAJAH_PB

Hi @BALAJIRAJAH_PB ,

I'm sorry to understand this feature is not working for you out of the box.

Error 500 can be caused by few reasons - we first need to understand if it happens before or after the redirection to the IDP to give us lead to the area of the problem.

The best suggestion at this stage, is to open a new ticket to our support, and attach the logs from "/opt/CPVPNPortal/logs"

Thanks,
Royi Priov
R&D Group manager, Infinity Identity
0 Kudos
BALAJIRAJAH_PB
Participant
‎2021-06-02 01:19 PM
In response to Royi_Priov

Hi @Royi_Priov , I already created a case with CheckPoint support. Started my troubleshooting session on 25th May 2021. Still now no improvement. 

0 Kudos
BALAJIRAJAH_PB
Participant
‎2021-06-04 03:19 PM
In response to BALAJIRAJAH_PB

Using single Azure domain, Check Point gateway support IdP SAML 2.0 authentication either for Mobile Access or Remote access. 

Not both at the same time.  Looking for a hotfix

0 Kudos
Elad_Shoval
Employee
Employee
‎2021-06-06 07:09 AM
In response to BALAJIRAJAH_PB

Hi @BALAJIRAJAH_PB ,

Thank you for your feedback.

We are familiar with your ticket and we will handle it soon.

We will also remove this limitation in the next Jumbo HF.

 

Thanks,

Elad Shoval

Team leader,  Identity Awareness R&D

0 Kudos
BALAJIRAJAH_PB
Participant
‎2021-06-07 08:45 AM
In response to Elad_Shoval

@Elad_Shoval , Many thanks for your swift response. May I know the ETA for the next on-going take? 

0 Kudos
Elad_Shoval
Employee
Employee
‎2021-06-08 05:56 AM
In response to BALAJIRAJAH_PB

Hi @BALAJIRAJAH_PB ,

The current ETA is beginning of July.

 

Thanks,

Elad Shoval

Team leader,  Identity Awareness R&D

0 Kudos
BALAJIRAJAH_PB
Participant
‎2021-06-21 05:55 AM
In response to Elad_Shoval

Dear @Elad_Shoval , Any update regarding this JHF? 

0 Kudos
Elad_Shoval
Employee
Employee
‎2021-06-23 05:55 AM
In response to BALAJIRAJAH_PB

Hi @BALAJIRAJAH_PB ,

The current ETA is still at beginning of July.

 

Thanks,

Elad Shoval

Team leader,  Identity Awareness R&D

0 Kudos
BALAJIRAJAH_PB
Participant
‎2021-07-12 06:01 AM
In response to Elad_Shoval

 

Hi All, 

CheckPoint released Jumbo HF Take_119 on 4th July that support one single idP for authenticate for Mobile Access and EndPoint VPN. I tried and it's not working. Any inputs will be really appreciated. 

0 Kudos
Elad_Shoval
Employee
Employee
‎2021-07-12 10:50 AM
In response to BALAJIRAJAH_PB

Hi @BALAJIRAJAH_PB ,

 

Sorry for the misunderstanding. In take 119, we added the ability to authenticate for Mobile Access and EndPoint VPN at the same time with the same Microsoft azure ad directory. However, each blade on each gateway requires its own Identity Provider object in SmartConsole.

 

Thanks,

Elad Shoval

Team leader,  Identity Awareness R&D

0 Kudos
sachintekane
Explorer
‎2023-05-04 11:06 AM
In response to Elad_Shoval

Hi @Elad_Shoval - I'm also facing similar issue where mobile access users auth. is getting failed using SAML Auth. My standalone Security gateway (deployed in Azure IaaS )running with R8.10 version and mobile access + IPsec VPN blade enable and it is managed by MDS (R81 with T81). Kindly refer attached error.

Preview file
127 KB
Preview file
91 KB
0 Kudos
Nir_Shamir
Employee Employee
Employee
‎2021-08-30 01:03 AM

Do we support this feature in R81 ?

if so , is it supported in Smart-1 Cloud ?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events