VPN / Authentication

Support for Azure AD is planned during 2025 for all supported Quantum Spark versions.

SAML is supported starting in the R81.10.15 release, for both Centrally Managed and Locally Managed Quantum Spark appliances.

When using a Check Point Gateway in the DAIP configuration (Dynamically Assigned IP Address) and the 3rd-party peer is static (or vice versa), FQDN or the "key_id" authentication factor should be used as the "IP_ADDRESS" because the authentication factor is dynamic.

Centrally Managed Quantum Spark appliances cannot act as the Center Gateway in the Star VPN topology.

Currently, this is not supported.

When a Quantum Spark appliance is configured with more than one ISP, and the active ISP link becomes unstable / drops, the backup ISP link takes over, and a new VPN tunnel is established on it.

Currently, this is supported on Centrally Managed appliances.

Configuring the LDAP fetch frequency is not supported.

Currently, it is only possible to use AD groups.
For additional information, see sk105977.

Yes, Identity Awareness is supported.
Identity Collector is supported starting from the R81.10.05 release.

You can configure this bypass in WebUI on Locally Managed appliances.
Browser-Based Authentication via WebUI is not supported for Centrally Managed appliances.

Below are some of the common configuration issues when using Site to Site VPN:
- Wrong configuration of encryption.
- Authentication.
- IKE version, when the other peer is configured differently.
- Wrongly configured encryption domains.
- Local NAT is enabled when the Quantum Spark Gateway is behind a Hide NAT device.

In the R81.10.15 release, we improved troubleshooting capabilities by adding more VPN tunnel data to WebUI, VPN notifications, and the new extended monitoring feature to provide a thorough view for Remote Access VPN.