Solved

Checkpoint Sofa Firewall version 6.5.43 uable to authenticate users via VPN

Posted on 2008-10-09
3
1,045 Views
Last Modified: 2013-11-16
I have a Checkpoint firewall that is of course used for security, but also VPN access.  In the past users would VPN to the public IP of this firewall, using their domain credentials to authenticate.  For whatever reason users are now unable to VPN with their domain credentials.  If I attempt to VPN it fails - within the Checkpoint Event Log I can see this failed attempt (ip address is censored):
"Connection from ip 7x.9x.1xx.7x with user sknoll failed. Reason of failure :User authentication by VPN-1 failed."

We have disabled VPN, rebooted.  Re-enabled VPN, rebooted and still no success.

Yes, if we create local users within the Firewall I can log in this way, however we would like to  authenticate our domain credentials.
0
Comment
Question by:sknoll84
  • 2
3 Comments
 
LVL 4

Expert Comment

by:yurisk
ID: 22685043
I've seen this problem with one of our clients after all his boxes upgraded automatically
to the newest firmware 7.5.55 - local authentication worked fine, Radius against AD didn't work with VPNs. We started process with CHeckpoint/Sofaware TAC but client had
no time to wait for them to come up with something and just downgraded his boxes back to 7.0.48, that solved the problem immediately.
0
 

Author Comment

by:sknoll84
ID: 22688385
I learned about the RADIUS server functionality this morning - pretty interesting.
We are going to reboot our Primary RADIUS server this afternoon, hopefully this will help.
0
 

Accepted Solution

by:
sknoll84 earned 0 total points
ID: 22691027
we rebooted the radius server and now the vpn work just fine.
of course we tried restarting services first but we didnt have any success with that.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now