This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
David_GOURANTON
Participant
‎2023-07-05 02:12 AM

Google Authenticator MFA not working with SMB 1530 gateway in R81.10.07

Hello,

R81.10.07 for Spark gateways brings Google Authenticator MFA for remote access users.

We have enabled the feature but now mobile access users cannot log in anymore. Yet they have received an email with the 2FA QR code and enrolled their mobile phone, but they cannot authentificate. They have tried to concatenate the password with the token code as a prefix or a suffix, remplace the password with the token code, and also enter the token code in the "SecurID" field.

Did anyone try this new feature ? Does it work ?

Regards,

D

0 Kudos
10 Replies
_Val_
Admin
Admin
‎2023-07-05 03:00 AM

Did you follow sk137732 when setting it up?

0 Kudos
David_GOURANTON
Participant
‎2023-07-05 03:06 AM
In response to _Val_

Yes, except that there is now a new option to enable Google Authenticator in the Two-Factor Authentication Settings panel. Users have received the email with the QR code, but cannot authenticate.

0 Kudos
_Val_
Admin
Admin
‎2023-07-05 03:16 AM
In response to David_GOURANTON

Please open a support call with TAC: https://help.checkpoint.com

 

0 Kudos
Tom_Hinoue
Advisor
Advisor
‎2023-07-05 03:28 AM
In response to David_GOURANTON

Assuming the gateway is locally managed... I have tested it before and confirmed it worked.
One thing I did beforehand, is if you're using Endpoint Security VPN then upgrade it to version E87.30.

I think I had some issues authenticating if the Endpoint version was old.

0 Kudos
_Val_
Admin
Admin
‎2023-07-05 03:40 AM
In response to Tom_Hinoue

Second that. I assumed the client version is the latest, but did not ask for it, so worth checking as well.

0 Kudos
David_GOURANTON
Participant
‎2023-07-05 03:47 AM
In response to _Val_

We are using a clientless access. Can you confirm that you need to concatenate the password and the Google Authenticator token code ?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-07-05 08:26 AM
In response to David_GOURANTON

When you say "Clientless Access" what precisely do you mean?

0 Kudos
David_GOURANTON
Participant
‎2023-07-06 06:05 AM
In response to PhoneBoy

I mean SSL Network Extender. Does SNX support 2FA on Spark gateways ? After we enter our login and password, the appliance does not ask for an OTP and the logon page appears again as if the authentication failed.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-07-06 08:58 AM
In response to David_GOURANTON

Right, SNX does not ask for an OTP, you will have to enter it at the end of your fixed password.

0 Kudos
ikafka
Collaborator
‎2023-07-19 11:52 PM
In response to David_GOURANTON

Hi @David_GOURANTON 

You need to check these two checkboxes.

bjBGCaxhGF.png

You also need to enter the e-mail address of the VPN users.
As you mentioned, the QR code comes as an e-mail.
I didn't do anything other than these settings, it works for my device.

My device version: R81.10.07 (996001397

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events