Solved

Checkpoint Sofa Firewall version 6.5.43 uable to authenticate users via VPN

Posted on 2008-10-09
3
1,083 Views
Last Modified: 2013-11-16
I have a Checkpoint firewall that is of course used for security, but also VPN access.  In the past users would VPN to the public IP of this firewall, using their domain credentials to authenticate.  For whatever reason users are now unable to VPN with their domain credentials.  If I attempt to VPN it fails - within the Checkpoint Event Log I can see this failed attempt (ip address is censored):
"Connection from ip 7x.9x.1xx.7x with user sknoll failed. Reason of failure :User authentication by VPN-1 failed."

We have disabled VPN, rebooted.  Re-enabled VPN, rebooted and still no success.

Yes, if we create local users within the Firewall I can log in this way, however we would like to  authenticate our domain credentials.
0
Comment
Question by:sknoll84
  • 2
3 Comments
 
LVL 4

Expert Comment

by:yurisk
ID: 22685043
I've seen this problem with one of our clients after all his boxes upgraded automatically
to the newest firmware 7.5.55 - local authentication worked fine, Radius against AD didn't work with VPNs. We started process with CHeckpoint/Sofaware TAC but client had
no time to wait for them to come up with something and just downgraded his boxes back to 7.0.48, that solved the problem immediately.
0
 

Author Comment

by:sknoll84
ID: 22688385
I learned about the RADIUS server functionality this morning - pretty interesting.
We are going to reboot our Primary RADIUS server this afternoon, hopefully this will help.
0
 

Accepted Solution

by:
sknoll84 earned 0 total points
ID: 22691027
we rebooted the radius server and now the vpn work just fine.
of course we tried restarting services first but we didnt have any success with that.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question