This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
petermatuska
Participant
‎2022-04-26 01:40 PM

VPN with MFA push

Hi,

we are extracting username from user's certificate (without password) and sending it to the RADIUS server - ISE. ISE sends it to Duo MFA in order to send the push notification. When user decides to Deny the notification, the Access-Reject is sent from Duo to ISE and from ISE to Check Point. The problem is that after the first Access Reject the second Access-Request is sent from FW and user has to Deny the push 2 more times and after that the VPN client says Denied access.

Where can this "3 times counter" can be changed so after first Deny the connection is rejected?

 

thank you

0 Kudos
2 Replies
the_rock
Champion
Champion
‎2022-04-26 06:32 PM

There is really no "3 time counter" anywhere that Im aware of...what does the log show on CP when user rejects the notification?

0 Kudos
petermatuska
Participant
‎2022-04-26 10:53 PM
In response to the_rock

Hi, it says failed log in...I did the wireshark on ISE and CP. Everytime the reject is sent from the ISE, the request is sent from CP.

Preview file
93 KB
0 Kudos