petermatuska
Participant

VPN with MFA push

Hi,

We are extracting the username from the user's certificate (without password) and sending it to the RADIUS server - ISE. ISE sends it to Duo MFA in order to send the push notification. When the user decides to Deny the notification, the Access-Reject is sent from Duo to ISE and from ISE to Check Point. The problem is that after the first Access-Reject, the second Access-Request is sent from the FW and the user has to Deny the push 2 more times, and after that the VPN client says Denied access.

Where can this "3 times counter" be changed so that after the first Deny the connection is rejected?

 

Thank you

0 Kudos
2 Replies
the_rock
Champion

There is really no "3 time counter" anywhere that I'm aware of... What does the log show on CP when the user rejects the notification?

0 Kudos
petermatuska
Participant

Hi, it says failed log in... I did the Wireshark on ISE and CP. Every time the reject is sent from the ISE, the request is sent from CP.

0 Kudos