This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
edd080
Contributor
‎2019-01-10 11:14 PM

Checkpoint endpoint VPN with Microsoft 2-Factor Authentication.

Good Day to all,

                         we currently have our checkpoint endpoint vpn authentication which uses username, password and dynamicid which sends an sms to the user in order to complete the logon.

We would like to change the dynamicid portion to Microsoft's two factor authentication. I am aware that a radius server is needed for this, however is there an sk or guide which can help us out on how checkpoint can be configured for this?

Thanks in advance.

Reply
10 Replies
Chris_Atkinson
Employee++
Employee++
‎2019-01-11 02:34 AM

Further to the relevant sections of the admin guide please see:

sk114263: Can an Azure Multi-Factor Authentication Server be used as a RADIUS server for Mobile Access authentication?

0 Kudos
Reply
edd080
Contributor
‎2019-01-11 02:51 AM
In response to Chris_Atkinson

Thank you for your guides will have a look at them.

Reply
Simone_Balboni
Explorer
‎2019-01-29 06:58 AM
In response to edd080

Hello, curious if you succeeded in this configuration. I am on it as well with the aim of replacing an RSA AuthMgr.

Simo

Reply
edd080
Contributor
‎2019-02-11 05:30 AM
In response to Simone_Balboni

Hi sorry for the late reply, we still haven't got on it yet but will let you know once we get it up and running.

0 Kudos
Reply
Konstantinos_In
Contributor
‎2019-02-28 05:29 AM
In response to edd080

Hello


Did you finally configure it?

BR,

Kostas

0 Kudos
Reply
Simone_Balboni
Explorer
‎2019-03-18 03:22 AM
In response to Konstantinos_In

Hello,

fyi  this setup implies:

1) download a RADIUS proxy VM from Microsoft and configure it to talk to our Azure tenancy MFA instance

2) point checkpoint to that internal RADIUS proxy as a MFA provider

 

I was expecting a more direct connection i.e. Checkpoint to my Azure MFA tenancy directly, but it is not the case.

I have not yet investigated aspects like: how does the system behave if Azure MFA is down or not reachable etc? Are there emergency connection procedures etc?

 

Best regards,

Simone

 

Reply
Konstantinos_In
Contributor
‎2019-04-10 04:30 AM
In response to Simone_Balboni

Hello Simone

 

Can you please kindly share checkpoint configuration and NPS configuration or some hints?

As concerns emergency procedure you could configure another Login option on checkpoint vpn client with one factor authentication.

BR,
Kostas

0 Kudos
Reply
TOM_MORAN
Contributor
‎2019-05-22 01:25 PM
In response to Simone_Balboni

does Checkpoint support Azure mfa in the way it does for example duo ?

 

any help is appreciated

 

Thanks

Tom

0 Kudos
Reply
Rodrigo_Silva
Contributor
‎2019-12-11 09:36 AM

See if this post can help you.

https://community.checkpoint.com/t5/General-Management-Topics/Checkpoint-VPN-with-Microsoft-2-Factor...

Good luck.

 

0 Kudos
Reply