Hi! We had implemented Checkpoint firewalls with VPN Connections. Recently we implement SAML with AzureAD to secure the VPN Logins without technical issues, its working properly, but we had a issue : If the users change the Login options to user/password, this options works for local logins on Checkpoint and AD.
We need to work only with local fw login and SAML to the users, I understand the AD integration had to be implemented because this is part of the SAML integration, but i don't want to work this to the users to use user+password direct, because this mantains the vulnerability of use this login option.
Another thing I don't mentioned, I can't use ONLY azureAD, because had third part connections than use local login on checkpoint, so I had to mantain this option because had only Azure Users cost much money.
Please if you can show me an option to use only SAML to users, and the option User+PASS only works to local login FW, no AD.