OTP (with sms) for Remote VPN

Madmaks

Hi,

I want to configure 2FA (OTP with sms) for Remote VPN.

We are using Endpoint 88.32. And we have sms provider.

I need SK or document for this configuration. Yes I found some of documents but i am not sure it is correct or not. Please help me about this subject.

Regards

R81.20 and Take 90

CheckMatesAI

This answer is provided by Infinity AI Copilot and should be confirmed by reviewing official documentation in Support Center.

To configure 2FA (OTP with SMS) for Remote VPN using Check Point R81.20 and Endpoint 88.32, you can follow these steps:

Enable Two-Factor Authentication:
- In SmartConsole, go to Security Policies > Shared Policies > Mobile Access and open the Mobile Access Policy in SmartDashboard.
- Navigate to the Authentication section.
- Check the option to require users to confirm their identity using Two-Factor Authentication.
Configure DynamicID Settings:
- In the Dynamic ID Settings section, click Edit.
- Enter the necessary details for your SMS provider, such as the API ID, username, password, and the message format.
- Example URL format for SMS:
```
https://api.example.com/http/sendmsg?api_id=$APIID&user=$USERNAME&password=$PASSWORD&to=$PHONE&text=$MESSAGE 
```
- Ensure that the phone numbers for users are correctly configured in the system, including the country code.
Install the Policy:
- After configuring the settings, save the changes and install the policy to apply the configuration.

For more detailed instructions, you can refer to the R81.20 Mobile Access Administration Guide.

If you have any specific questions or need further assistance, feel free to ask!

AkosBakos

Hi @Madmaks

Who will provide the second factor? A simple SMS gateway is not enough for this. There is no built is feature for this service.

Solutions:

Microsoft MFA
RSA Authentication Manager
FortiAuthenticator

Can be a good choise.

Do you know any of them?

Akos

----------------
\m/_(>_<)_\m/

Madmaks

Hi @AkosBakos

We have sms provider s it is not gatewal. They are giving API for OTP.

By the way, checkpoint has native feature for sms OTP. You can reach it under the Multi Login as you can see below.

And for your suggestion solutions I think we will need radius server rigt?

AkosBakos

Hi,

I confess for you, I never use this feature earlier. So sorry about the not accurate info.

Do a comparsion what are the weaknesses of the simple SMS.

Nowadays the Microsoft MFA is the trend.

----------------
\m/_(>_<)_\m/

Madmaks

@AkosBakos Thank you for your interesting.

Do you have any advise documentation or SK for Microsoft MFA?

BTW we are using Active Directory 2008 and DC is Windows 2008. Olsa we are using office 365 (there is no any on-prime exchange)

What we need for microsoft MFA?

AkosBakos

Hi,

Win 2008 is not supported. First upgrade it!

second:

check this

https://support.checkpoint.com/results/sk/sk172909

----------------
\m/_(>_<)_\m/

Madmaks

Actually I don't want use SAML, just planing use OTP (microsoft authenticator) for second password

Madmaks

I will try solution under this link even old document

https://community.checkpoint.com/t5/Remote-Access-VPN/Check-Point-EndPoint-Security-VPN-with-Azure-A...

Madmaks · Microsoft stopped offering MFA Server on July 1, 2019.

Microsoft stopped offering MFA Server on July 1, 2019.

AkosBakos

What? Are you kidding, are you?

https://www.microsoft.com/en-ca/security/business/identity-access/microsoft-entra-mfa-multi-factor-a...

A lot of company uses for MFA, out company too.

A

----------------
\m/_(>_<)_\m/

Madmaks

https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfaserver-dir-radius

Are you a member of CheckMates?

OTP (with sms) for Remote VPN