This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jonathan_James
Employee
Employee
‎2020-03-31 01:31 PM

White Paper - How to configure C2S VPN with AzureAD and 2FA

Hi Folks,

 

Well this is my first post here, figured I would create a quick document for a few of my customers but there has been a wider interest in it as well.

 

  1. Create new public DNS domain
  2. Added domain as a “Custom domain name” in AzureAD
  3. Created 2019 AD domain on prem
  4. Installed NPS onto AD server
  5. ** STOP AND TEST RADIUS **
  6. Installed Azure AD Connect and began AD sync to cloud
  7. Installed “Network Policy Server extension for Azure” on top of NPS
  8. Test

The way I have it setup is the gateway sends a RADIUS request to MS NPS, NPS auths’s against AD, if successful NPS will send it to AzureAD for OTP creation, MS will then send the OTP via SMS or email to the end user.

 

For the full list of White Papers, go here

This is tested with a 750 running latest code as the gateway, SecureClient on the user PC and Capsule VPN on windows10

 

 

 

happy to answer questions or provide more info if needed.

 

 

4 Replies
PhoneBoy
Admin
Admin
‎2020-04-02 02:35 PM

Tagging @_Val_, we probably need to treat this as a whitepaper.

0 Kudos
_Val_
Admin
Admin
‎2020-04-03 02:38 AM
In response to PhoneBoy

Yes, master, it is a white paper now

0 Kudos
JT_Roomspace
Explorer
‎2020-05-11 07:25 AM
In response to _Val_

Hello everyone,

can someone explain me the option on the Radius settings?

 "Ask user for password (will be used to automatically answer the first challenge)".

we are planning to do the same config on SMB devices too and there I dont have this option.

Thanks in advance.

0 Kudos
JT_Roomspace
Explorer
‎2020-05-11 07:29 AM
In response to _Val_

Hello everyone,

can someone please explain me this option on the Radius setting.
"Ask user for password (will be used to automatically answer the first challenge)".
Im trying to setup a SMB device and dont have this option.

thanks in advance
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top