This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PhongNN
Contributor
‎2020-02-17 03:53 AM

The issue with DynamicID

Hi everybody

I am trying to configure Remote Access with DynamicID on R80.10 GW

I have a URL from SMS server Team to perform GET method to SMS server like this:

http://x.x.x.x:8083/VPNOTP/http/sendmsg?api_id=$APIID&user=vpnotp&password=xxx&to=0901441294&text=TestVPN

When i paste that link to a browser, i get an OTP code to my phone number

But when I run curl_cli on GW, the SMS server return to 505 Internal Error

I tried to capture packet, and I saw all field after "api_id=" was missing when run curl_cli

Is it due to a link error or is it because I incorrectly executed the syntax?

Thank you so much

 

Preview file
18 KB
Preview file
31 KB
0 Kudos
11 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-02-17 05:36 AM

sk160112: 'Dynamic Id authentication failed' error message while trying to connect to Mobile Access ...

sk109435: SMS with DynamicID verification code does not arrive after user successfully authenticated...

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhongNN
Contributor
‎2020-02-17 06:17 PM
In response to G_W_Albrecht

Both 2 sk do not help me in this case 😄

Thank you

0 Kudos
AndresMunoz
Employee Employee
Employee
‎2020-06-08 12:43 PM
In response to PhongNN

Hey buddy,

Did you solve it?

0 Kudos
PhongNN
Contributor
‎2020-06-09 12:05 AM
In response to AndresMunoz

Hi Andres

Yes, I solve this case

I put links in quotes and I can run curl_cli normally

Note: In R80.x Check Point have integrated new I/S for DynamicID.
As part of this change, we have decided to verify the server reply, and as part of it, we are not accepting HTTP 500 replies.
This change was done for security and better code flow decisions. Because of this, with many case upgrade from R77 to R80.x, DynamicID cannot work

Thanks

0 Kudos
MartinTzvetanov
Advisor
‎2020-06-10 12:50 AM
In response to PhongNN

I faced a problem with DynamicID at a customer. The SMS provider serves the api on http and https, but https works only with certificate. I had a case with CheckPoint regarding the situation and they said that the problem is in the certificate. I found a configuration file where you explicitly configure not to check the certificate (the same  -k option you enter with curl/curl_cli) but it didn't work. 

Anybody faced the same issue?

0 Kudos
AndresMunoz
Employee Employee
Employee
‎2020-06-10 07:31 AM
In response to MartinTzvetanov

Hey Martin.

Did you modify this file? $CVPNDIR/bin/sendsms

 

Regards,

 

0 Kudos
MartinTzvetanov
Advisor
‎2020-06-10 07:39 AM
In response to AndresMunoz

Hey,

I  found this and change it following the document:

1Capture.JPG

Maybe you mean to replace "${args[@]}" directly with -k ?

send_sms() {
$FWDIR/bin/curl_cli "${args[@]}" -D - -o /dev/null -s --disable-crl-check

0 Kudos
henry_shih
Explorer
‎2021-07-10 08:28 AM
In response to PhongNN

We are in the process of selecting a SMS provider. Can you tell me who your SMS provider is?

Thanks. 

0 Kudos
Ruan_Kotze
MVP Gold
MVP Gold
‎2021-07-10 12:02 PM
In response to henry_shih

Not OP - but I use Clickatell in my labs and demos and it works well.

0 Kudos
henry_shih
Explorer
‎2021-07-10 03:31 PM
In response to Ruan_Kotze

Please see the attached file, what is the correct information (format and syntax) you put into the SMS settings field?

In check Point Admin. Guide, they have two examples. (not working at all). We would like to learn the correct configuration to put in.

a) To let the DynamicID code to be delivered by SMS only, use the following syntax:
https://api.example.com/http/sendmsg?api_id=$APIID&user=$USERNAME&password=$PASSWORD&to=$PHONE&text=...

c) To let the DynamicID code to be delivered by SMS or email, use the following syntax:
sms:https://api.example.com/sendsms.php?username=$USERNAME&password=$PASSWORD&phone=$PHONE&smstext=$MESS... mail:TO=$EMAIL;SMTPSERVER=smtp.example.com;FROM=sslvpn@example.com;BODY=$RAWMESSAGE

 

 

Preview file
17 KB
0 Kudos
Ruan_Kotze
MVP Gold
MVP Gold
‎2021-07-11 05:24 AM
In response to henry_shih

This is my Clickatell SMS string.  The x's in the string is my API key:

https://platform.clickatell.com/messages/http/send?apiKey=xxxxxxxxxxxxxx&to=$PHONE&content=$MESSAGE

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events