This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
pwillekens
Employee
Employee
‎2020-03-24 03:46 AM

White Paper - RAS VPN with Azure and Microsoft Authenticator MFA

This is guide will describe the full setup configuration of a Azure MFA using the Microsoft Authenticator App in combination with an Active Directory on-premises synced with Azure Active Directory.

The scope is based on VPN remote access on premises that will be moved to Azure Cloud IaaS. The authentication is Active directory credentials in combination with Azure MFA.

 

For the full list of White Papers, go here

Preview file
4557 KB
11 Replies
SamiH
Contributor
‎2020-03-31 07:12 AM

After reading the paper, I think this works with local AD too, without Cloudguard or Azure AD? As it happens, I have a need to combine RADIUS MFA with Identity awareness. Currently we are using RADIUS MFA but the identities won't match AD users even though the used email addresses are the same as in AD accounts. 

0 Kudos
Jonathan
Collaborator
‎2020-08-26 11:39 PM
In response to SamiH

Hi Sami,

Did you ever managed to apply this solution with on-premis AD and without Cloudguard?

0 Kudos
SamiH
Contributor
‎2020-08-26 11:49 PM
In response to Jonathan

We actually have the older MS MFA component which can no longer be downloaded. The new one uses explicitly the Azure AD sync.

It works with the old one, which syncs user information locally to our on-prem MFA/NPS/Radius server - which in turn talks to Azure to send the authentication verification request to user. 

0 Kudos
Jonathan
Collaborator
‎2020-08-27 12:36 AM
In response to SamiH

and do you use Cloudgard or regular on-premise VPN?

 

0 Kudos
SamiH
Contributor
‎2020-08-27 01:15 AM
In response to Jonathan

Just regular on-premise vpn from Check Point gw's. I would assume it works with on-prem vpn with newer Azure MFA + AD sync to Azure, without Cloudguard still. 

pwillekens
Employee
Employee
‎2020-09-15 05:17 AM
In response to Jonathan

It should wokr on both as long the initial Radius request is send to the NPS server

0 Kudos
pwillekens
Employee
Employee
‎2020-09-15 05:17 AM
In response to Jonathan

sorry for the delay response, no i didn't apply this on premises. 

0 Kudos
Paul_Manalaysay
Explorer
‎2020-06-10 12:45 AM

Hello, does this guide also works on Mobile Access VPN? The Portal-based one?
0 Kudos
pwillekens
Employee
Employee
‎2020-06-10 12:48 AM
In response to Paul_Manalaysay

Hi Paul,

I didn't set it up for mobile Acces, but it should work as the procedure is the same.
0 Kudos
Paul_Manalaysay
Explorer
‎2020-06-10 08:48 PM
In response to pwillekens

Thanks a lot!
0 Kudos
am
Participant
‎2020-12-23 02:35 AM

I recommend adding instructions on how to update radius timeouts and retries when using MFA push notifications. 2 retries is too short.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫