VIKAS1
Collaborator

R82.10 Azure Entra ID integrated with Check Point Mobile Access VPN (SNX)

Hi All,

We have integrated Azure Entra ID on our Check Point 3900 series firewall, which is running on R82.10 ClusterXL.

Managed by Smart-1 Cloud.

I am trying to configure the Mobile Access VPN with SNX, but under Authentication I am not getting the SAML option.

Please find some snapshots attached.

Can you share any documentation, or if anyone has integrated this, please do share.

 

FW01:0]# cpinfo -y all

This is Check Point CPinfo Build 914000219 for GAIA
[CPshared]
No hotfixes..
[IDA]
No hotfixes..
[CPFC]
No hotfixes..
[MGMT]
No hotfixes..
[FW1]
HOTFIX_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE
HOTFIX_INEXT_NANO_EGG_AUTOUPDATE
HOTFIX_GOT_TPCONF_AUTOUPDATE

FW1 build number:
This is Check Point's software version R82.10 - Build 407
kernel: R82.10 - Build 422
[SecurePlatform]
No hotfixes..
[CPinfo]
No hotfixes..
[PPACK]
No hotfixes..
[AutoUpdater]
HOTFIX_INFRA_CONFIG_AUTOUPDATE
[DIAG]
No hotfixes..
[CVPN]
No hotfixes..
[cpsdc_wrapper]
HOTFIX_CPSDC_AUTOUPDATE
[CPUpdates]
BUNDLE_QUID_AUTOUPDATE Take: 53
BUNDLE_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE Take: 21
BUNDLE_INFRA_CONFIG_AUTOUPDATE Take: 13
BUNDLE_INEXT_NANO_EGG_AUTOUPDATE Take: 38
BUNDLE_HCP_AUTOUPDATE Take: 88
BUNDLE_GOT_TPCONF_AUTOUPDATE Take: 158
BUNDLE_CPVIEWEXPORTER_AUTOUPDATE Take: 75
BUNDLE_CPSDC_AUTOUPDATE Take: 40
BUNDLE_CPOTLPAGENT_AUTOUPDATE Take: 131
BUNDLE_CPOTELCOL_AUTOUPDATE Take: 210
[hcp_wrapper]
HOTFIX_HCP_AUTOUPDATE
[CPquid]
HOTFIX_QUID_AUTOUPDATE
[CPviewExporter]
HOTFIX_OTLP_GA
[CPotelcol]
HOTFIX_OTLP_GA
[CPotlpAgent]
HOTFIX_OTLP_GA

 

4 Replies
PhoneBoy
Admin

You might be able to use SNX if you authenticate to the Mobile Access portal configured to support SAML Authentication: https://sc1.checkpoint.com/documents/R82.10/WebAdminGuides/EN/CP_R82.10_MobileAccess_AdminGuide/Cont...
You can also use SAML with Remote Access VPN clients: https://sc1.checkpoint.com/documents/R82.10/WebAdminGuides/EN/CP_R82.10_RemoteAccessVPN_AdminGuide/C...

 

Gaurav_Pandya

In addition to what PhoneBoy suggested, please apply the latest Jumbo Hotfix to avoid any bugs related to Mobile Access VPN. From the "cpinfo -y all" output, it looks like no JHF is installed.

VIKAS1
Collaborator

Yes,

Recently, our Cloud Smart1 has been updated to the latest version. We are now planning to upgrade the version along with JHF.

However, we have one question:
If we want to use Remote Access VPN along with Mobile Access, which option should we select as shown in the screenshot?

PhoneBoy
Admin

Mobile Access is what is necessary here.
Also be mindful of https://support.checkpoint.com/results/sk/sk170775 which suggests this is only supported in Unified Policy mode (not legacy).

If you needed to support SAML with non-SNX clients, Remote Access VPN would also need to be generated.
Yes, this would be done as two separate applications/definitions.
