Monday, April 7, 2014

Check Point: How To Configure DynamicID For Two Factor Authentication And One Time Password Usage Via Email

I like this feature out of Check Point.  Two factor authentication, which you can do with most firewalls, is pretty cool.  But I like that the Check Point will also generate you a one time password and send it to you for a second authentication method.  Their documentation is terrible, but here is how to set it up.

Go to your Mobile Access blade and add your Check Point firewall in.  Then, go down to the box circled above, and put in this string in the SMS provider and Email settings after you check the box for "challenge users...":
Once you have configured this and you allow SSLVPN user access, the user will login successfully and then be sent a one time password.  The email (in this case) will look like this:

Its not too hard to setup, but again, Check Points documentation is pretty terrible when it comes to this.  But still a cool feature.


  1. Hi. I have this configured...but can't seem to get TFA to work with the installed mobile access client.

    Any thoughts?


    1. Been a while since I did that. Not sure right off. May be a TAC call.

  2. it's not really 2FA in an email and should be setup as SMS for 2FA.


Your comment will be reviewed for approval. Thank you for submitting your comments.