I have set up a 1590 appliance to work with a RADIUS server as the 2nd factor for RAVPN users.
The RADIUS server is Ubuntu 20.04 with the FreeRADIUS service on it.
The RADIUS server part works like a charm: it communicates with Google Authenticator and makes authentication decisions according to the user/pass/OTP policy setup.
The problem is on our CP 1590 appliance side. After successful RADIUS authentication (RADIUS packets are exchanged between the CP 1590 device and the RADIUS server), the RAVPN client gets disconnected every time (the RAVPN connection is never completed).
SMB appliances use RADIUS v1, and because of that the password length together with the OTP from Google Authenticator should not be over 16 characters long (it is a limitation on SMB appliances; they cannot use RADIUS v2).
In security logs we get:
Action: Failed Log In
Reason: Authenticated by RADIUS
Second authentication method: DynamicID
Surely, this is where the problem is.
Our endpoint security VPN client shows: User XXX authenticated by Radius authentication
Check Point 1590 setup:
1. Local users with RAVPN permission created (according to RADIUS server - to match username and password with RADIUS server local users database)
2. Put users in user group with RAVPN permissions
3. Checked option - Require users to confirm their identity using two-factor authentication
Did not check the SMS option as we do not use SMS DynamicID (left it default):
4. Changed auth method on RAVPN client to RADIUS server
5. We created authentication server (RADIUS):
I kindly ask you for a hint on how to make this work.
All suggestions are welcome.