
Check Point VPN 2FA

This guide shows how to enable Check Point VPN two-factor authentication (2FA) integrating Check Point VPN with Protectimus multi-factor authentication service or on-premise MFA platform via RADIUS.

Two-factor authentication (2FA) will protect your users’ accounts and, consequently, your corporate infrastructure from unauthorized access. By activating Check Point VPN 2FA, you protect your users’ accounts from phishing, brute force, data spoofing, keyloggers, man-in-the-middle, social engineering, and a number of other cyber attacks.

1. How Check Point VPN Two-Factor Authentication (2FA) Works

Two-factor authentication means using two different types of authenticators to get access to the Check Point account protected with 2FA.

  1. First, the user enters a standard username and password (something the user knows);
  2. Then they enter a one-time password received with the help of a 2FA token or a smartphone (something the user owns).

Thus, when Check Point VPN 2FA is enabled, it becomes much harder for an attacker to obtain both authentication factors at the same time, especially considering that a one-time password is valid only for 30 seconds.

This guide shows how you can set up Check Point 2FA via the RADIUS authentication protocol using the Protectimus Cloud Two-Factor Authentication Service or Protectimus On-Premise 2FA Platform.

[Figure: Check Point VPN 2FA (two-factor authentication) setup scheme]

2. How to Enable Check Point VPN 2FA

You can set up Check Point VPN two-factor authentication (2FA) with Protectimus using the RADIUS protocol:
  1. Get registered with Protectimus SAAS Service or install the On-Premise 2FA Platform and configure basic settings.
  2. Install and configure Protectimus RADIUS Server.
  3. Configure Check Point VPN authentication policies.

2.1. Get Registered and Configure Basic Protectimus Settings

  1. Register with the Protectimus Cloud Service and activate API or install the Protectimus On-Premise Platform (if you install Protectimus Platform on Windows, check the RProxy box during the installation).
  2. Add Resource.
  3. Add Users.
  4. Add Tokens or activate Users’ Self Service Portal.
  5. Assign Tokens to Users.
  6. Assign Tokens with Users to the Resource.

2.2. Install and Configure Protectimus RADIUS Server

Detailed instructions for installing and configuring the Protectimus RADIUS Server for Check Point VPN 2-factor authentication using RADIUS are available here.

2.3. Add Protectimus as RADIUS Server in Check Point

  1. Log into your Check Point Web UI account and navigate to the VPN tab.
  2. Under Remote Access, click Authentication Servers.
  3. Under RADIUS Servers, click Configure to add a new RADIUS server configuration.
  4. Configure the following settings to add a RADIUS Server:
     IP address: IP of the server where the Protectimus RADIUS Server component is installed.
     Port: Indicate 1812 (or whichever port you configured in the Protectimus radius.yml file when configuring Protectimus RADIUS Server).
     Shared Secret: Indicate the shared secret you created in the Protectimus radius.yml file (radius.secret property) when configuring Protectimus RADIUS Server.
     Timeout (in seconds): Set to 60 seconds.
  5. Then click Apply to continue.
  6. Click on the permissions for RADIUS users.
  7. Select Enable RADIUS authentication for Remote Access Users and click Apply.
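
The Shared Secret setting above is what RADIUS (RFC 2865) uses to obscure the password attribute and to authenticate server replies, so it must match radius.secret exactly. The following is an added example, not code from Protectimus or Check Point, that shows both sides of that exchange; it assumes PAP-style User-Password authentication, and all function names and sample values are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2                         # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, MESSAGE_AUTHENTICATOR = 1, 2, 80   # attribute types

def attr(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_access_request(user: bytes, password: bytes, secret: bytes, ident: int):
    """Gateway side: return (packet, request_authenticator)."""
    request_auth = os.urandom(16)
    hidden = hide_password(password, secret, request_auth)
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hidden)
    length = 20 + len(attrs) + 18          # header + attrs + Message-Authenticator
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, length) + request_auth
    # Message-Authenticator (RFC 2869): HMAC-MD5 over the packet with the field zeroed.
    zeroed = header + attrs + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return header + attrs + attr(MESSAGE_AUTHENTICATOR, mac), request_auth

def build_reply(code: int, ident: int, request_auth: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(reply: bytes, ident: int, request_auth: bytes, secret: bytes) -> bool:
    """Gateway side: accept only replies computed with the same shared secret."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply) or reply[1] != ident:
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    # Constructed sample values; the secret stands in for radius.secret from radius.yml.
    secret = b"constructed-shared-secret"
    packet, req_auth = build_access_request(b"alice", b"123456", secret, ident=7)
    good = build_reply(ACCESS_ACCEPT, 7, req_auth, secret)
    forged = build_reply(ACCESS_ACCEPT, 7, req_auth, b"wrong-secret")
    print(reply_is_authentic(good, 7, req_auth, secret), reply_is_authentic(forged, 7, req_auth, secret))
```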


Integration of two-factor authentication (2FA/MFA) for your Check Point VPN is now complete. If you have other questions, contact Protectimus customer support service.
Last updated on 2022-11-15