This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tim_McColgan
Contributor
‎2020-06-10 11:16 AM

Duo setup with VPN remote access

My goal is to primary auth the user with LDAP then second auth with a duo push. Although the confusing part is there is RADIUS configuration required, even though I only want to use LDAP w/ Duo. Not sure I understand why but any configuration examples would be helpful!! 

Here is mine today:

 

[ad_client]
host=1.2.3.4 (AD server IP)
service_account_username=ad-admin
service_account_password=ad-admin-password
search_dn=DC=domain,DC=com
security_group_dn="CN=Duo Checkpoint VPN,OU=Groups,DC=domain,DC=com"

[radius_server_auto]
ikey=ikey_from_duo_console
skey=skey_from_duo_console
api_host=api-123456789.duosecurity.com
radius_ip_1=checkpoint_gw1
radius_ip_2=checkpoint_gw2
radius_secret_1=secret1
radius_secret_2=secret2
client=ad_client
port=1812
failmode=secure

 

I am seeing the firewall logs that the radius server is not responding, but I am guess that just means it cannot properly authenticate my account. I know network-wise the gateways can reach the Duo proxy server. 

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2020-06-14 12:52 AM

Have you followed the guide Duo has for this? https://duo.com/docs/checkpoint
Tim_McColgan
Contributor
‎2020-07-14 06:46 AM
In response to PhoneBoy

I did, after a few tweaks I am up and working. Crazy enough, my fix was to remove the double quotes from the security dn. 

 

security_group_dn=CN=Duo Checkpoint VPN,OU=Groups,DC=domain,DC=com

Shahar_Grober
Advisor
‎2020-09-25 03:29 AM
In response to Tim_McColgan

Hi Tim,

 

did you manage to get the Duo work with Push instead of OTP?

0 Kudos
Tim_McColgan
Contributor
‎2020-09-25 06:26 AM
In response to Shahar_Grober

Yes!
0 Kudos
Shahar_Grober
Advisor
‎2020-09-25 06:34 AM
In response to Tim_McColgan

Thanks, is there a way to perform a push option without using the "Password,push" 

I find it quite annoying and I would be happy to allow a seamless and cleaner user experience to our users 

0 Kudos
Tim_McColgan
Contributor
‎2020-09-25 07:07 AM
In response to Shahar_Grober

Yes, in the [radius_server_auto] portion of your authproxy.cfg file you would just add this: 

factors = push

 

You can add many factors to it, but I prefer and only use push. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events