Two-Factor Authentication, also called multi-factor authentication, is an extra layer of security to prevent unauthorized access to your system. To use Two-Factor Authentication, users must have remote access permissions configured, with an email address and mobile phone number.
You can use the Check Point SMS provider (Infinity Portal), or an external SMS provider. If a customer uses a public SMS server, the admin must provide the username and password for the SMTP server.
To sign in with Two-Factor Authentication:
1. Sign in to your account with a user name and password.
2. You are prompted for a DynamicID One Time Password (OTP), which is sent to your mobile phone via SMS.
To configure remote access permissions for a user:
1. On the Remote Access Users page, click Add.
   The New Local User window opens.
2. In the Remote Access tab, enter the:
   - User name.
   - Password.
   - Email.
   - Mobile phone number.
3. Select Remote Access permissions.
4. Click Apply.
To require users to use Two-Factor Authentication:
1. On the VPN Remote Access Control Blade Control page, select Require users to confirm their identity using Two-Factor Authentication.
2. Click Apply.
3. Click configure.
   The Two-Factor Authentication Settings window opens.
4. In the Configuration tab, select SMS.
   - To use Check Point SMS, select Use Check Point SMS provider service.
   - If you select Use External SMS provider, enter the:
     - DynamicID URL.
     - Provider user name.
     - Provider password.
     - API ID.
     - Message to display (optional).
5. In the Advanced tab, under Dynamic ID Settings, enter the:
   - Length of the one-time password.
   - Amount of time in minutes until the password expires.
   - Maximum number of retries.
6. Under Country Code, enter the Default country code.
7. Click Apply.
Notes:
- VPN Two-Factor Authentication is per gateway, not per administrator.
- When you turn on Two-Factor Authentication, you enable it for all VPN clients. This means all VPN clients must have a configured mobile phone number to connect.
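
How the three Dynamic ID Settings in the Advanced tab (password length, expiry in minutes, maximum retries) bound what someone guessing codes can achieve, shown as an added example. This is a generic model, not Check Point code: the class and function names are hypothetical, the code is assumed to be decimal digits, "retries" is assumed to mean the number of wrong entries allowed, and the values 6, 5 and 3 are constructed samples.

```python
import hmac
import secrets
import time


class OtpChallenge:
    """One pending SMS code, governed by the three Dynamic ID settings."""

    def __init__(self, length, expiry_minutes, max_retries, now=time.time):
        self._now = now  # injectable clock so expiry can be exercised
        # Assumption: decimal digits, drawn from a CSPRNG.
        self.code = "".join(secrets.choice("0123456789") for _ in range(length))
        self.expires_at = now() + expiry_minutes * 60
        self.retries_left = max_retries
        self.used = False

    def verify(self, candidate):
        """Return 'ok', 'wrong', 'expired' or 'locked'."""
        if self.used or self.retries_left <= 0:
            return "locked"  # code already consumed, or retries exhausted
        if self._now() >= self.expires_at:
            return "expired"
        # Constant-time comparison: no timing hint about matching prefixes.
        if hmac.compare_digest(candidate.encode(), self.code.encode()):
            self.used = True  # one-time: a correct code cannot be replayed
            return "ok"
        self.retries_left -= 1
        return "wrong"


def guess_success_bound(length, max_retries):
    """Upper bound on blind guessing success against a single challenge."""
    return min(1.0, max_retries / 10 ** length)


if __name__ == "__main__":
    # Constructed sample settings: 6 digits, 5 minutes, 3 retries.
    challenge = OtpChallenge(length=6, expiry_minutes=5, max_retries=3)
    print("wrong guess ->", challenge.verify("x" * 6))
    print("correct code ->", challenge.verify(challenge.code))
    print("replay ->", challenge.verify(challenge.code))
    for length, retries in [(4, 10), (6, 3), (8, 3)]:
        print(length, retries, guess_success_bound(length, retries))
```

The bound applies per issued code, so the retry limit only helps if requesting a fresh code is also rate-limited.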