This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Madmaks
Contributor
‎2024-12-12 10:58 AM

OTP (with sms) for Remote VPN

Hi,

 

I want to configure 2FA (OTP with sms) for Remote VPN.

We are using Endpoint 88.32. And we have sms provider.

I need SK or document for this configuration. Yes I found some of documents but i am not sure it is correct or not. Please help me about this subject.

Regards

 

R81.20 and Take 90

 

0 Kudos
11 Replies
CheckMatesAI
Bot
‎2024-12-12 11:26 AM

This answer is provided by Infinity AI Copilot and should be confirmed by reviewing official documentation in Support Center.

To configure 2FA (OTP with SMS) for Remote VPN using Check Point R81.20 and Endpoint 88.32, you can follow these steps:

  1. Enable Two-Factor Authentication:

    • In SmartConsole, go to Security Policies > Shared Policies > Mobile Access and open the Mobile Access Policy in SmartDashboard.
    • Navigate to the Authentication section.
    • Check the option to require users to confirm their identity using Two-Factor Authentication.

  2. Configure DynamicID Settings:

    • In the Dynamic ID Settings section, click Edit.
    • Enter the necessary details for your SMS provider, such as the API ID, username, password, and the message format.
    • Example URL format for SMS: 
      https://api.example.com/http/sendmsg?api_id=$APIID&user=$USERNAME&password=$PASSWORD&to=$PHONE&text=$MESSAGE
    • Ensure that the phone numbers for users are correctly configured in the system, including the country code.

  3. Install the Policy:

    • After configuring the settings, save the changes and install the policy to apply the configuration.

For more detailed instructions, you can refer to the R81.20 Mobile Access Administration Guide.

If you have any specific questions or need further assistance, feel free to ask!

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2024-12-13 03:26 AM

Hi @Madmaks 

Who will provide the second factor? A simple SMS gateway is not enough for this. There is no built is feature for this service.

Solutions:

  • Microsoft MFA
  • RSA Authentication Manager
  • FortiAuthenticator

Can be a good choise.

Do you know any of them?

Akos

 

----------------
\m/_(>_<)_\m/
Madmaks
Contributor
‎2024-12-13 12:18 PM
In response to AkosBakos

Hi @AkosBakos 

We have sms provider s it is not gatewal. They are giving API for OTP.

By the way, checkpoint has native feature for sms OTP. You can reach it under the Multi Login as you can see below.

And for your suggestion solutions I think we will need radius server rigt?

 

checkpoint.png

 

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2024-12-13 12:29 PM
In response to Madmaks

Hi,

I confess for you, I never use this feature earlier. So sorry about the not accurate info.

Do a comparsion what are the weaknesses of the simple SMS. 

Nowadays the Microsoft MFA is the trend. 

----------------
\m/_(>_<)_\m/
0 Kudos
Madmaks
Contributor
‎2024-12-13 12:32 PM
In response to AkosBakos

@AkosBakos  Thank you for your interesting.

Do you have any advise documentation or SK for Microsoft MFA?

BTW we are using Active Directory 2008 and DC is Windows 2008. Olsa we are using office 365 (there is no any on-prime exchange)

What we need for microsoft MFA?

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2024-12-13 01:02 PM
In response to Madmaks

Hi,

Win 2008 is not supported. First upgrade it!

second:

check this

https://support.checkpoint.com/results/sk/sk172909

----------------
\m/_(>_<)_\m/
0 Kudos
Madmaks
Contributor
‎2024-12-13 01:38 PM
In response to AkosBakos

Actually I don't want use SAML, just planing use OTP (microsoft authenticator)  for second password 

0 Kudos
Madmaks
Contributor
‎2024-12-13 02:11 PM
In response to Madmaks

I will try solution under this link even old document

https://community.checkpoint.com/t5/Remote-Access-VPN/Check-Point-EndPoint-Security-VPN-with-Azure-A...

0 Kudos
Madmaks
Contributor
‎2024-12-13 03:03 PM
In response to Madmaks

Microsoft stopped offering MFA Server on July 1, 2019.

0 Kudos
(1)
AkosBakos
Mentor Mentor
Mentor
‎2024-12-14 10:49 AM
In response to Madmaks

What? Are you kidding, are you?

https://www.microsoft.com/en-ca/security/business/identity-access/microsoft-entra-mfa-multi-factor-a...

A lot of company uses for MFA, out company too.

A

----------------
\m/_(>_<)_\m/
0 Kudos
Madmaks
Contributor
‎2024-12-16 01:27 AM
In response to AkosBakos

https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfaserver-dir-radius

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events