Image-Based RADIUS Authentication

Use Image-based RADIUS as a secondary authentication factor to authenticate to the Mobile AccessClosed Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB. Portal. It allows Mobile Access to integrate with third-party authentication services.

The images in this authentication factor are patterns of random numbers in a grid. During authentication, the user selects the numbers in the positions that correspond to a pre-selected pattern.

Configuring Image-Based RADIUS

To use image-based RADIUS as an authentication factor in Mobile Access, you have to configure RADIUS authentication with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

To configure Mobile Access authentication factors in SmartConsole:

  1. In SmartConsole, from the Gateways & Servers tab, double-click the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources..

    The Check Point Security Gateway window shows.

  2. From the menu, click Mobile Access > Authentication.

  3. In the Multiple Authentication Client Settings table, add a new login option.

    1. Click Add > New.

      The Multiple Login Options window shows.

    2. In the Authentication Methods table, click Add to create Authentication Factors.

    3. When the Authentication Factor window opens, click RADIUS.

    4. Under Customize Display, add an appropriate description to the Headline.

      Note - When you return to the Authentication Methods table, make sure RADIUS authentication is not the first factor.

Enabling Image-Based RADIUS on Security Gateways

To enable Image-based RADIUS, edit the configuration file, $CVPNDIR/conf/cvpnd.C on each Mobile Access Security Gateway that uses Image-based RADIUS as an authentication factor.

Important - After every change to $CVPNDIR/conf/cvpnd.C, you must restart the CVPN services with the cvpnrestart command.

:isImageBasedRadiusEnabled (false)

:ImageBasedRadiusRealmNames (

)

:ImageBasedRadiusURL ("")

Fields

Description

Example

:isImageBasedRadiusEnabled (true)

:isImageBasedRadiusEnabled (false)

Enter true to enable.

Enter false to disable.

If set to true, the Security Gateway treats every RADIUS authentication factor found in :ImageBasedRadiusRealmNames as an Image-based RADIUS authentication factor.

 

:ImageBasedRadiusRealmNames

List that has authentication realm names that are configured in SmartConsole, that contain Image-based RADIUS authentication as a secondary factor.

If empty, all the authentication realms with RADIUS as a secondary authentication factor, are treated as an Image-based RADIUS authentication factor.

(: ("realm name as configured")

: ("another realm with Image-based RADIUS"))

:ImageBasedRadiusURL

The URL from the third-party authentication service to get the user grid.

Use $$username as a placeholder for the username.

("https://<authentication_provider_url>?<query_string>&username=$$username")