Part 1: Enable Checkpoint SSL VPN Remote Access: Step by Step Instruction Part 1 (Local User Authentication)
Part 2: Enable Checkpoint SSL VPN Remote Access: Step by Step Instruction Part 2 (AD Authentication)
Part 3: Enable Checkpoint SSL VPN Remote Access: Step by Step Instruction Part 3 (Certs and Two Factor Authentication)
Part 4: Enable Checkpoint SSL VPN Remote Access: Step by Step Part 4 – Two Factor Authentication (AD and SMS)
Check Point provide nice integration for Two-Factor Authentication with DynamicID, which is One Time Password.
In this lab, I choose SMS Provider HQSMS.com. It is free for signup and provide 0.30 credit for you to test SMS function, which is 10 SMS messages.
To enable two factor authentication with DynamicID for SMS is also quite straight forward.
Steps:
1. For first factor authentication, username and password has been picked, which is Active Directory account.
2. Second factor authentication is DynamicID.
Either Global settings or Custom settings for this gateway is fine. You have to check the option to choose “Challenge users to provide the DynamicID one time password sent to their email account or mobile device via SMS.”
Then You will have to fill in SMS provider or Email Settings as show in the following screenshot.
3. Add email address and Mobile Phone number into Test1 AD account
4. After the policy push to the gateway, test it with this Test1 AD account.
The first authentication is AD account username and password.
After you sign in with your AD account, automatically gateway will send out One Time Password (verification code) request to SMS Provider.
The registered mobile phone number (+1xxxxxx9266) in Test1 AD account will receive a SMS sent from +44 7156066456:
“Mobile Access DynamicID one time password:611720”
Then verification code can be entered into next screen.
If verification code is correct, you will get into Check Point Mobile window to access allowed resources defined in the Mobile Access Blade.
Reference:
- Mobile Access Blade Configuration and Settings
- HQSMS.COM HTTPS specification 3.4 (pdf version)
- Mobile Access R77 Versions Administration Guide for User Authentication
Another example is when you use public Wi – Fi, knowing
your wireless data can be sniffed out by criminals. Operates on multiple platforms: be sure that the provider
you choose will support both Android VPN clients as well as
i – Phone VPN clients. Provide a remote access VPN infrastructure that includes IAS
for centralized authentication, authorization (remote access
policies), and accounting.
Take a look at my website f vpn forgotten pass