Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
SriniKrish
Contributor

SMB 2 FA auth Dynamic url config

Jump to solution

Hi Guys,

I am configuring a SMB 1530 device for 2FA auth using a dynamic URL and I have already acquired the Dynamic URL from a provider.

but unfortunately the GAteway says the format is incorrect with the below error.

""Incorrect Dynamic ID URL Format""

can someone Please clarify  what I am doing wrong?

Yes, the API ID is after password, but then even if I re-align it for the sake of it, it still gives the same error. Pls note I have masked the ID and my phone for privacy.

Appreciate any directions here.

Thanks

Srini

 

 

 

0 Kudos
2 Solutions

Accepted Solutions
_Val_
Admin
Admin

If configured like that, authentication message will say "Message" and not what you have in the "Message" field, but it is up to you.

Local users do not have 2FA scheme, you need RADIUS. Follow the admin manual, it is explained there.

View solution in original post

(1)
MikeyT
Employee
Employee

Hi Srini,

I have successfully configured 2FA with Local users as well as AD users. I used the following configuration using Clickatell 3rd Party SMS Provider (see attached).

Feel free to message me if you have any problem regarding the configuration.

Regards,

Michael Tan

View solution in original post

7 Replies
_Val_
Admin
Admin

It should be $MESSAGE, not Message as in your sample, for starters.

$MESSAGE is a variable

Screenshot 2022-05-18 at 08.52.09.png


0 Kudos
SriniKrish
Contributor

Hi Val,

 

Thanks for the update,

surprisingly I did re-align the contents and it accepted the string. ( as attached)

another question,

Do I need a RADIUS/AD to use 2FA or can do with a local user ? When I tried SSLVPN it always failed to authenticate when 2FA was enabled. The moment I turn off, the auth goes through.

Curious if RADIUS is a requirement for 2FA or local user is sufficient.

 

Thanks

Srini

0 Kudos
_Val_
Admin
Admin

If configured like that, authentication message will say "Message" and not what you have in the "Message" field, but it is up to you.

Local users do not have 2FA scheme, you need RADIUS. Follow the admin manual, it is explained there.

(1)
SriniKrish
Contributor

Hi Val,

 

I understand the $message variable. And I have indeed edited it accordingly already when my auth was failing.

I did think so there wud be a need for RADIUS. I did go through the below link it doesn't state anywhere on the requirement. Instead still shows steps to configure via local user . so was conflicting.

https://sc1.checkpoint.com/documents/SMB_R80.20.35/Help/Locally_Managed/EN/Topics/Configuring-Remote...

Any particular reason why we need RADIUS for 2FA and won't work with Local user ?

Thanks anyways.

 

Best regards

Srini

MikeyT
Employee
Employee

Hi Srini,

I have successfully configured 2FA with Local users as well as AD users. I used the following configuration using Clickatell 3rd Party SMS Provider (see attached).

Feel free to message me if you have any problem regarding the configuration.

Regards,

Michael Tan

SriniKrish
Contributor

Hi Mike,

 

Thanks for your input,

Yes, I can confirm that it does work with Local users as well. Looks like my API key was wrong as I was using a developer API.

Works like a breeze now.

@_Val_  Should we be updating the documentation so it helps others too ?

 

Cheers

Srini

0 Kudos
_Val_
Admin
Admin

Not sure I understand. What do you want to change in the documentation?

0 Kudos