christophe
Participant

Check Point VPN / WebVPN / Mobile Access & Duo MFA (Duo Authentication Proxy v5.0 upwards)

Hello everyone,

For anyone using Duo as their two-factor authentication service, I'd like to share this information:

Duo worked flawlessly up to version 4.0.2. Once we upgraded to the Duo Auth Proxy 5.0.1 (latest version), the connection to the VPN no longer works after confirming the Duo Push notification (the Check Point gateway drops the traffic).

It turns out that in version 5.0.0 the Duo Authentication Proxy began sending a RADIUS Message-Authenticator attribute (attribute ID 80) in all responses, which the Check Point gateways don't recognize, so they drop the traffic.

The solution from Check Point (SR was created, resolved, now closed) is to set the radius_ignore value to 80. Smart Console Menu -> Global Properties -> Advanced -> Configure -> FireWall-1 -> Authentication -> RADIUS.

Afterwards the authentication works again. After contacting Duo support, they created a KB for that problem as well:

https://help.duo.com/s/article/6328?language=en_US

Apparently this will be resolved in the upcoming Duo authentication release v5.0.2.

Greetings,

Chris

(1)
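To see what the gateway is being told to ignore, the following added example (not part of the original post, and not Duo or Check Point code) parses a RADIUS reply, reports whether attribute 80 is present, and verifies it as the HMAC-MD5 defined in RFC 2869/3579. The shared secret, packet contents and the `build_accept` helper are constructed for illustration.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute ID named in the post

def parse_attributes(packet):
    """Return [(type, value_offset, value)] for a raw RADIUS packet."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length != len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20  # attributes start after the 20-byte header
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        attrs.append((atype, pos + 2, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def check_response(packet, request_auth, secret):
    """Report presence and validity of attribute 80 in a reply packet."""
    found = [(off, val) for t, off, val in parse_attributes(packet)
             if t == MESSAGE_AUTHENTICATOR]
    if not found:
        return {"present": False, "valid": None}
    off, val = found[0]
    if len(val) != 16:
        return {"present": True, "valid": False}
    # The HMAC covers the packet with the Request Authenticator in the
    # authenticator field and the attribute's 16 value bytes zeroed.
    data = packet[:4] + request_auth + packet[20:off] + bytes(16) + packet[off + 16:]
    expected = hmac.new(secret, data, hashlib.md5).digest()
    return {"present": True, "valid": hmac.compare_digest(expected, val)}

def build_accept(ident, request_auth, secret, with_msg_auth):
    """Constructed Access-Accept (code 2) for the demo; not captured traffic."""
    attrs = bytes([18, 9]) + b"Success"  # Reply-Message (type 18)
    if with_msg_auth:
        attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", 2, ident, 20 + len(attrs))
    if with_msg_auth:
        mac = hmac.new(secret, header + request_auth + attrs, hashlib.md5).digest()
        attrs = attrs[:-16] + mac
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs
```

Running `check_response` on a reply captured from the proxy, with the Request Authenticator of the matching Access-Request, shows whether the attribute the gateway rejects is present and well-formed.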
1 Reply
spaceForceOne
Participant

Same solution worked on Windows Server NPS after Windows Security Update KB5040437.

0 Kudos
