- CheckMates
- :
- Products
- :
- Quantum
- :
- Remote Access VPN
- :
- Re: The issue with DynamicID
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The issue with DynamicID
Hi everybody
I am trying to configure Remote Access with DynamicID on R80.10 GW
I have a URL from SMS server Team to perform GET method to SMS server like this:
http://x.x.x.x:8083/VPNOTP/http/sendmsg?api_id=$APIID&user=vpnotp&password=xxx&to=0901441294&text=TestVPN
When i paste that link to a browser, i get an OTP code to my phone number
But when I run curl_cli on GW, the SMS server return to 505 Internal Error
I tried to capture packet, and I saw all field after "api_id=" was missing when run curl_cli
Is it due to a link error or is it because I incorrectly executed the syntax?
Thank you so much
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Both 2 sk do not help me in this case 😄
Thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey buddy,
Did you solve it?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Andres
Yes, I solve this case
I put links in quotes and I can run curl_cli normally
Note: In R80.x Check Point have integrated new I/S for DynamicID.
As part of this change, we have decided to verify the server reply, and as part of it, we are not accepting HTTP 500 replies.
This change was done for security and better code flow decisions. Because of this, with many case upgrade from R77 to R80.x, DynamicID cannot work
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I faced a problem with DynamicID at a customer. The SMS provider serves the api on http and https, but https works only with certificate. I had a case with CheckPoint regarding the situation and they said that the problem is in the certificate. I found a configuration file where you explicitly configure not to check the certificate (the same -k option you enter with curl/curl_cli) but it didn't work.
Anybody faced the same issue?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Martin.
Did you modify this file? $CVPNDIR/bin/sendsms
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey,
I found this and change it following the document:
Maybe you mean to replace "${args[@]}" directly with -k ?
send_sms() {
$FWDIR/bin/curl_cli "${args[@]}" -D - -o /dev/null -s --disable-crl-check
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are in the process of selecting a SMS provider. Can you tell me who your SMS provider is?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not OP - but I use Clickatell in my labs and demos and it works well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please see the attached file, what is the correct information (format and syntax) you put into the SMS settings field?
In check Point Admin. Guide, they have two examples. (not working at all). We would like to learn the correct configuration to put in.
a) To let the DynamicID code to be delivered by SMS only, use the following syntax:
https://api.example.com/http/sendmsg?api_id=$APIID&user=$USERNAME&password=$PASSWORD&to=$PHONE&text=...
c) To let the DynamicID code to be delivered by SMS or email, use the following syntax:
sms:https://api.example.com/sendsms.php?username=$USERNAME&password=$PASSWORD&phone=$PHONE&smstext=$MESS... mail:TO=$EMAIL;SMTPSERVER=smtp.example.com;FROM=sslvpn@example.com;BODY=$RAWMESSAGE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is my Clickatell SMS string. The x's in the string is my API key:
https://platform.clickatell.com/messages/http/send?apiKey=xxxxxxxxxxxxxx&to=$PHONE&content=$MESSAGE