Mastering Endpoint Security -
Best Practices for 2024
Check Point Named Leader
In Mobile Threat Defense
Regulatory Compliance Update
For Non-US DoC Versions
Customer Threat Prevention
& Vulnerability Management Survey
CheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!
CheckMates Go:
Identity Awareness Best Practices
Hello everyone,
For anyone using Duo as their 2 factor authentication service, I'd like to share this information:
Duo works flawlessly up till version 4.0.2, once we upgraded to the Duo Auth Proxy 5.0.1 (latest version), upon confirming the Duo Push Notification, the connection to the VPN does not work anymore (Check Point Gateway drops the traffic).
Turns out that in Version 5.0.0 the Duo Authentication Proxy began sending a RADIUS Message-Authenticator attribute (attribute ID 80) in all responses, which the Check Point gateways don't recognize and drop the traffic.
The solution from Check Point (SR was created, resolved, now closed) is to set the radius_ignore value to 80. Smart Console Menu -> Global Properties -> Advanced -> Configure -> FireWall-1 -> Authentication -> RADIUS.
Afterwards the authentication works again. After having contact with the Duo support, they created a KB for that problem as well:
https://help.duo.com/s/article/6328?language=en_US
Apparently this will be resolved in the upcoming Duo authentication release v5.0.2
Greetings,
Chris
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
