Part 2: Enable Checkpoint SSL VPN Remote Access: Step by Step Instruction Part 2 (AD Authentication)
Part 3: Enable Checkpoint SSL VPN Remote Access: Step by Step Instruction Part 3 (Certs and Two Factor Authentication)
Part 4: Enable Checkpoint SSL VPN Remote Access: Step by Step Part 4 - Two Factor Authentication (AD and SMS)
Check Point provides good integration for two-factor authentication with DynamicID, which is a one-time password.
In this lab, I chose the SMS provider HQSMS.com. It is free to sign up and provides 0.30 credit for you to test the SMS function, which is 10 SMS messages.
Enabling two-factor authentication with DynamicID for SMS is also quite straightforward.
Steps:
1. For the first authentication factor, username and password have been picked, using the Active Directory account.
2. The second authentication factor is DynamicID.
Either Global settings or Custom settings for this gateway is fine. You have to check the option "Challenge users to provide the DynamicID one time password sent to their email account or mobile device via SMS." Then you will have to fill in the SMS provider or email settings as shown in the following screenshot.
3. Add the email address and mobile phone number to the Test1 AD account.
4. After the policy is pushed to the gateway, test it with this Test1 AD account.
The first authentication is the AD account username and password. After you sign in with your AD account, the gateway automatically sends a one-time password (verification code) request to the SMS provider.
The registered mobile phone number (+1xxxxxx9266) in the Test1 AD account will receive an SMS sent from +44 7156066456:
"Mobile Access DynamicID one time password:611720"
The verification code can then be entered on the next screen.
If the verification code is correct, you will get into the Check Point Mobile window to access the allowed resources defined in the Mobile Access Blade.