CHECKPOINT MULTI-FACTOR AUTHENTICATION USING UPSSO
This document provides instructions to integrate the CHECKPOINT VPN with the UPSSO RADIUS server.
CHECKPOINT-UPSSO RADIUS NETWORK DIAGRAM
- The user authenticates to the firewall using the CHECKPOINT client software.
- CHECKPOINT sends an authentication request to the UPSSO RADIUS server.
- The UPSSO RADIUS server forwards the authentication request to the IDP server.
- The IDP server checks the authentication request against the enterprise LDAP or UPSSO directory.
- The IDP sends the multi-factor token through the configured method, such as Google Authenticator, SMS, or email.
- The RADIUS server receives the authorization accept or reject response from the IDP server.
- The UPSSO RADIUS server confirms the authentication request to the target device.
ADD CHECKPOINT RADIUS CLIENT IN UPSSO PORTAL
- Log in to the UPSSO Portal.
- Once logged in, go to the Radius Client's section.
- Click on the Add Radius Client button.
- Enter the device's friendly name, its IP address, and the secret the device will use to authenticate with the RADIUS server. This same secret is used during the device's RADIUS configuration.
CONFIGURING CHECKPOINT ACCESS SERVER
- Log in to the CHECKPOINT firewall at the URL https://<IP or Domain>:4344 with an administrator username and password.
- Once logged in, go to the VPN tab and make sure VPN is enabled, as per the below screenshot.
- Click on Users and Objects, then click on Authentication Servers.
- Click on the Configure link to add the RADIUS server. Enter the details as per the portal.
- Configure the RADIUS settings as per the below screenshot. In the Hostname or IP address field, enter the name of the UPSSO RADIUS server; by default, the port number is 1812.
- Click on Apply to save the changes.
- Repeat the steps if you have a secondary server for high availability.
- Configure Remote Access permissions as per the below screenshot.
LOGIN TO VPN USING UPSSO MFA
- Download and install the CHECKPOINT Endpoint Security client.
- Open the VPN client and click Yes on the following prompt.
- Click Next on the site creation wizard.
- Fill in the required IP address or domain name of the CHECKPOINT firewall.
- For the Authentication Method, select username and password.
- Click Next, then click Finish. Click the Yes button to initiate the connection.
- In the username and password fields, enter the credentials you use to log in to the UPSSO portal.
- Enter the OTP received through email, SMS, or Google Authenticator.
- Once the credentials are validated, you will be connected to the VPN.