Hello everyone,
I recently upgraded our Check Point SMB 1800 firewall to the latest firmware version, R81.10.15. One of the new features introduced in this release is the ability to authenticate VPN users via Azure AD (SAML), which I was excited to configure for our environment.
Steps Taken:
- I followed the instructions provided in the Check Point documentation.
- I created a new Enterprise Application on Azure AD to enable VPN authentication for users using their Azure AD accounts.
- After configuration, I tested the application using the "Test Sign-in" feature on the Azure portal. The test was successful, and Microsoft Entra ID issued a SAML token to the service provider (Check Point firewall).
Issue:
However, when I attempt to connect to the VPN using Check Point Endpoint Security, the connection fails. Attached is a screenshot showing the error messages during the connection attempt.
- The VPN client hangs during the connection process, and I receive a "Can't reach this page" message for the authentication step.
- The logs indicate that the VPN client is trying to authenticate but does not seem to proceed beyond that.
What I've Verified:
- Azure AD SAML authentication appears to be configured correctly based on the successful test sign-in from the Azure portal.
- The firewall settings are configured as per the Check Point guide for SAML-based authentication.
- I can confirm that the firewall upgrade to R81.10.15 was successful, and all other firewall features seem to be working as expected.
Request for Assistance:
Has anyone else encountered this issue with Azure AD SAML authentication for remote access VPN after upgrading to R81.10.15? If so, could you share any insights or troubleshooting steps that might help resolve this problem?
Additionally, are there specific logs or debugging steps on the Check Point firewall side that could shed light on why the SAML authentication isn't proceeding during the VPN connection?
Any help would be greatly appreciated!
Thanks in advance for your assistance.
Environment:
- Check Point SMB 1800 firewall (R81.10.15)
- Azure AD for SAML authentication
- Check Point Endpoint Security VPN Client