Duo’s mobile app to send push notifications to your phone as your second factor. Here’s how it works:
Enter your username and password into your login page.
Choose ‘Duo Push’ as your second factor on the next screen prompt.
Then, tap ‘Approve’ on the push notification sent to your phone.
Duo Push is an out-of-band authentication method that prevents remote attackers from stealing your password and your second factor.
The Mobile Access Software Blade can be configured to send a One-Time Password (OTP) to an end-user communication device (such as a mobile phone) via an SMS message. SMS two-factor authentication provides an extra level of security while eliminating the difficulties associated with managing hardware tokens.
If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance.
Configuring the Phone Directory
The default phone number and email search method is that the gateway searches for phone numbers or email addresses in user records on the LDAP account unit, and then in the phone directory on the local gateway. If the phone number configured is actually an email address, an email will be sent instead of an SMS message. The phone number and email search method can be changed in the Phone Number or Email Retrieval section of the Two-Factor Authentication with DynamicID - Advanced window.
Configuring Phone Numbers or Email Addresses in LDAP
If users authenticate via LDAP, configure the list of phone numbers on LDAP by defining a phone number or email address for each user. By default, Mobile Access uses the Mobile field in the Telephones tab. If the phone number configured is actually an email address, an email will be sent instead of an SMS message.
Configuring Phone Numbers or Email Addresses on Each Security Gateway
Configure the list of phone numbers or email addresses on each Mobile Access gateway. For a Mobile Access cluster, configure the directory on each cluster member.
To configure a list of phone numbers on a gateway:
Log in to the Mobile Access gateway using a secure console connection.
Change to Expert mode: Type expert and then the expert mode password.
Edit $CVPNDIR/conf/SmsPhones.lst, and add to it a list of user names and phone numbers, and/or email addresses.
There is no feature available as yet with Check Point to allow LDAP and RSA authentication to work together.