• Status: Solved

Checkpoint Sofa Firewall version 6.5.43 unable to authenticate users via VPN

I have a Checkpoint firewall that is of course used for security, but also VPN access. In the past users would VPN to the public IP of this firewall, using their domain credentials to authenticate. For whatever reason users are now unable to VPN with their domain credentials. If I attempt to VPN it fails - within the Checkpoint Event Log I can see this failed attempt (IP address is censored):
"Connection from ip 7x.9x.1xx.7x with user sknoll failed. Reason of failure :User authentication by VPN-1 failed."

We have disabled VPN, rebooted. Re-enabled VPN, rebooted and still no success.

Yes, if we create local users within the Firewall I can log in this way, however we would like to authenticate our domain credentials.
Asked:
sknoll84
1 Solution
 
yurisk Commented:
I've seen this problem with one of our clients after all his boxes upgraded automatically to the newest firmware 7.5.55 - local authentication worked fine, RADIUS against AD didn't work with VPNs. We started a process with Checkpoint/Sofaware TAC but the client had no time to wait for them to come up with something and just downgraded his boxes back to 7.0.48, which solved the problem immediately.
 
sknoll84 (Author) Commented:
I learned about the RADIUS server functionality this morning - pretty interesting.
We are going to reboot our Primary RADIUS server this afternoon, hopefully this will help.
 
sknoll84 (Author) Commented:
We rebooted the RADIUS server and now the VPN works just fine.
Of course we tried restarting services first, but we didn't have any success with that.