Endpoint Security VPN client timeout reached while Multifactor Authentication (MFA) handled by 3rd party server.
OTP window in Remote Access VPN client to wait for more than 5 minutes.
Login stuck on 41% if entering the OTP after approximately a minute.
Environment: The User provides a user name and password. An LDAP server looks up the credentials. The credentials are authenticated by a Microsoft RADIUS server. The Check Point Security Gateway sends a RADIUS Access Request to the RADIUS server and "waits" for the reply (RADIUS Access Reject / Accept).

While the Gateway is waiting for the RADIUS Access Accept / Reject, the RADIUS server (not the Gateway) implements the second authentication factor ("MFA"). It does this by sending a challenge to the User's mobile device (not through the Check Point Security Gateway). The User replies to this challenge from the mobile device to the RADIUS server. The RADIUS server then sends a RADIUS Access Accept message to the Security Gateway, which allows the client to connect.

If the User replies to the challenge received on his mobile device within a few seconds, the connection is established without any problem. If the User replies 90 or more seconds after receiving the challenge on his mobile device, the connection fails with "Access denied - wrong user name or password".

The Check Point Security Gateway handles the Endpoint connection's timeout as expected, without waiting for the multifactor authentication handled by the RADIUS server. Therefore, the "actual" timeout used by the Endpoint Security VPN Client and by the Security Gateway is reached before the desired time.
Windows
All