PhongNN
Participant

The issue with DynamicID

Hi everybody

I am trying to configure Remote Access with DynamicID on an R80.10 GW.

I have a URL from the SMS server team to perform a GET request to the SMS server, like this:

http://x.x.x.x:8083/VPNOTP/http/sendmsg?api_id=$APIID&user=vpnotp&password=xxx&to=0901441294&text=TestVPN

When I paste that link into a browser, I get an OTP code on my phone number.

But when I run curl_cli on the GW, the SMS server returns 505 Internal Error.

I tried to capture packets, and I saw that all fields after "api_id=" were missing when running curl_cli.

Is it due to a link error, or is it because I used incorrect syntax?

Thank you so much

0 Kudos
11 Replies
PhongNN
Participant

Neither of the two SKs helps me in this case 😄

Thank you

0 Kudos
AndresMunoz
Employee

Hey buddy,

Did you solve it?

0 Kudos
PhongNN
Participant

Hi Andres

Yes, I solved this case.

I put the link in quotes and I can run curl_cli normally.

Note: In R80.x Check Point has integrated a new I/S for DynamicID.
As part of this change, we have decided to verify the server reply, and as part of it, we are not accepting HTTP 500 replies.
This change was done for security and better code flow decisions. Because of this, in many cases after an upgrade from R77 to R80.x, DynamicID cannot work.

Thanks

0 Kudos
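
The quoting fix described in the reply above, as an added example that is not part of the original thread: it shows which URL a command actually receives when a URL of this shape is typed unquoted, double-quoted, or single-quoted, which accounts for the packet capture where everything after "api_id=" was missing. `show_arg` is a hypothetical stand-in for curl_cli, and the IP address and phone number are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample URL in the shape of the one in the thread
# (documentation IP address and dummy phone number).
URL_TEXT='http://192.0.2.10:8083/VPNOTP/http/sendmsg?api_id=$APIID&user=vpnotp&password=xxx&to=0000000000&text=TestVPN'

# received_url MODE
# Prints the URL argument a command receives when the URL text above is
# typed on a shell command line with no quotes, double quotes, or single
# quotes. show_arg is a hypothetical stand-in for curl_cli that echoes
# its first argument instead of sending a request.
received_url() {
  case "$1" in
    none)   cmdline="show_arg $URL_TEXT" ;;
    double) cmdline="show_arg \"$URL_TEXT\"" ;;
    single) cmdline="show_arg '$URL_TEXT'" ;;
    *)      echo "usage: received_url none|double|single" >&2; return 2 ;;
  esac
  # A child shell parses the command line exactly as typed. APIID is unset
  # there, as it would be in an ordinary session (assumption).
  #  none:   each '&' ends a command and backgrounds it, so the URL stops
  #          at "api_id=" ($APIID expands to nothing) and user=..., to=...
  #          and the rest become shell variable assignments.
  #  double: the '&' characters survive, but $APIID is still expanded.
  #  single: the text is passed through unchanged.
  sh -c "show_arg() { printf '%s\n' \"\$1\"; }; unset APIID; $cmdline"
}

for mode in none double single; do
  printf '%-7s %s\n' "$mode:" "$(received_url "$mode")"
done
```

In the single-quoted form `$APIID` reaches the server literally, so a manual test needs the real API ID written in its place.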
MartinTzvetanov
Collaborator

I faced a problem with DynamicID at a customer. The SMS provider serves the API on HTTP and HTTPS, but HTTPS works only with a certificate. I had a case with Check Point regarding the situation and they said that the problem is in the certificate. I found a configuration file where you explicitly configure not to check the certificate (the same -k option you enter with curl/curl_cli) but it didn't work.

Has anybody faced the same issue?

0 Kudos
AndresMunoz
Employee

Hey Martin.

Did you modify this file? $CVPNDIR/bin/sendsms

Regards,

0 Kudos
MartinTzvetanov
Collaborator

Hey,

I found this and changed it following the document:

1Capture.JPG

Maybe you mean to replace "${args[@]}" directly with -k?

send_sms() {
$FWDIR/bin/curl_cli "${args[@]}" -D - -o /dev/null -s --disable-crl-check

0 Kudos
henry_shih
Explorer

We are in the process of selecting an SMS provider. Can you tell me who your SMS provider is?

Thanks. 

0 Kudos
Ruan_Kotze
Advisor

Not OP - but I use Clickatell in my labs and demos and it works well.

0 Kudos
henry_shih
Explorer

Please see the attached file. What is the correct information (format and syntax) you put into the SMS settings field?

In the Check Point Admin Guide, they have two examples (not working at all). We would like to learn the correct configuration to put in.

a) To let the DynamicID code to be delivered by SMS only, use the following syntax:
https://api.example.com/http/sendmsg?api_id=$APIID&user=$USERNAME&password=$PASSWORD&to=$PHONE&text=...

c) To let the DynamicID code to be delivered by SMS or email, use the following syntax:
sms:https://api.example.com/sendsms.php?username=$USERNAME&password=$PASSWORD&phone=$PHONE&smstext=$MESS... mail:TO=$EMAIL;SMTPSERVER=smtp.example.com;FROM=sslvpn@example.com;BODY=$RAWMESSAGE

0 Kudos
Ruan_Kotze
Advisor

This is my Clickatell SMS string. The x's in the string are my API key:

https://platform.clickatell.com/messages/http/send?apiKey=xxxxxxxxxxxxxx&to=$PHONE&content=$MESSAGE

0 Kudos