Monday, April 7, 2014

Check Point: How To Configure DynamicID For Two Factor Authentication And One Time Password Usage Via Email

I like this feature out of Check Point. Two-factor authentication, which you can do with most firewalls, is pretty cool. But I like that the Check Point will also generate a one-time password for you and send it to you as a second authentication method. Their documentation is terrible, but here is how to set it up.

Go to your Mobile Access blade and add your Check Point firewall. Then go down to the box circled above and, after you check the box for "challenge users...", put this string in the SMS provider and Email settings:

mail:TO=$EMAIL;SMTPSERVER=smtp.companyname.com;FROM=support@companyname.com;BODY=$RAWMESSAGE

Once you have configured this and allowed SSLVPN user access, the user will log in successfully and then be sent a one-time password. The email (in this case) will look like this:


It's not too hard to set up, but again, Check Point's documentation is pretty terrible when it comes to this. But still a cool feature.
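
A quick way to sanity-check the mail string before pasting it into the gateway, as an added example that is not from the original post or from Check Point. It assumes the four fields and the $EMAIL and $RAWMESSAGE placeholders shown in the string above are all required; the function names are made up for this example.

```python
import re

# The four fields and two placeholders come from the string in the post; treating
# all of them as required is an assumption of this example.
REQUIRED = ("TO", "SMTPSERVER", "FROM", "BODY")
SAMPLE = ("mail:TO=$EMAIL;SMTPSERVER=smtp.companyname.com;"
          "FROM=support@companyname.com;BODY=$RAWMESSAGE")


def parse_mail_setting(setting):
    """Split 'mail:KEY=VALUE;KEY=VALUE' into a dict, rejecting malformed input."""
    scheme, colon, rest = setting.strip().partition(":")
    if scheme != "mail" or not colon:
        raise ValueError("setting must start with 'mail:'")
    fields = {}
    for part in rest.split(";"):
        key, equals, value = part.partition("=")
        if not key or not equals:
            raise ValueError(f"not a KEY=VALUE pair: {part!r}")
        if key in fields:
            raise ValueError(f"duplicate field: {key}")
        fields[key] = value
    return fields


def lint_mail_setting(setting):
    """Return a list of problems; an empty list means nothing was flagged."""
    try:
        fields = parse_mail_setting(setting)
    except ValueError as exc:
        return [str(exc)]
    problems = [f"missing field: {k}" for k in REQUIRED if k not in fields]
    if fields.get("TO", "$EMAIL") != "$EMAIL":
        problems.append("TO is a fixed address, not the $EMAIL placeholder")
    if "SMTPSERVER" in fields and not re.fullmatch(r"[A-Za-z0-9.-]+", fields["SMTPSERVER"]):
        problems.append("SMTPSERVER is not a bare hostname or IPv4 address")
    if "FROM" in fields and not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", fields["FROM"]):
        problems.append("FROM is not a full e-mail address")
    if "BODY" in fields and "$RAWMESSAGE" not in fields["BODY"]:
        problems.append("BODY does not contain the $RAWMESSAGE placeholder")
    return problems


if __name__ == "__main__":
    for problem in lint_mail_setting(SAMPLE) or ["no problems found"]:
        print(problem)
```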

3 comments:

  1. Hi. I have this configured...but can't seem to get TFA to work with the installed mobile access client.

    Any thoughts?

    Rob

    1. Been a while since I did that. Not sure right off. May be a TAC call.

  2. It's not really 2FA in an email and should be set up as SMS for 2FA.
