<div>
Hi Btan,<br />
<br />
i think DynamicID Direct SMS would be the best path for us, can twilio be used for DynamicID ?
</div>


<div>
DynamicID is concurred as the 2FA approach
</div>


<div>
Hi All,<br />
<br />
just got around to doing this feature.. &nbsp;i have enabled Challenge users to proved One time password<br />
<a href="https://filedb.experts-exchange.com/incoming/2017/01_w01/1137023/Settings.PNG" target="_blank" title="Settings.PNG (14 KB)"><img alt="Settings.PNG" class="file-block lazyload" style="max-width: 504px;" data-src="https://filedb.experts-exchange.com/incoming/2017/01_w01/1137023/Settings.PNG" /></a><br />
but when i try to log in, it is showing the following error. <br />
<a href="https://filedb.experts-exchange.com/incoming/2017/01_w01/1137024/ech.PNG" target="_blank" title="ech.PNG (116 KB)"><img alt="ech.PNG" class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2017/01_w01/800_1137024/ech.PNG" /></a>
</div>


ech.PNG

Settings.PNG

<div>
Users who successfully complete the first-phase authentication are challenged to enter an additional credential: a DynamicID One Time Password (OTP). The OTP is sent to their mobile communications device (such as a mobile phone) through SMS or directly to their email account. Hence I suspect the system cannot find this information if it will to send the OTP. See this 
<blockquote>
Configuring the Phone Directory<br />
The default phone number and email search method is that the gateway searches for phone numbers or email addresses in user records on the LDAP account unit, and then in the phone directory on the local gateway. If the phone number configured is actually an email address, an email will be sent instead of an SMS message. The phone number and email search method can be changed in the Phone Number or Email Retrieval section of the Two-Factor Authentication with DynamicID - Advanced window.<br />
<br />
Configuring Phone Numbers or Email Addresses in LDAP<br />
If users authenticate via LDAP, configure the list of phone numbers on LDAP by defining a phone number or email address for each user. By default, Mobile Access uses the Mobile field in the Telephones tab. If the phone number configured is actually an email address, an email will be sent instead of an SMS message.
</blockquote>
<blockquote>
Configuring Phone Numbers or Email Addresses on Each Security Gateway<br />
Configure the list of phone numbers or email addresses on each Mobile Access gateway. For a Mobile Access cluster, configure the directory on each cluster member.<br />
<br />
To configure a list of phone numbers on a gateway:<br />
Log in to the Mobile Access gateway using a secure console connection.<br />
Change to Expert mode: Type expert and then the expert mode password.<br />
Backup $CVPNDIR/conf/SmsPhones.ls<wbr />t<br />
Edit $CVPNDIR/conf/SmsPhones.ls<wbr />t, and add to it a list of user names and phone numbers, and/or email addresses.
</blockquote>
 <a href="https://sc1.checkpoint.com/documents/R76/CP_R76_Mobile_Access_WebAdmin/41587.htm" rel="ugc">https://sc1.checkpoint.com/documents/R76/CP_R76_Mobile_Access_WebAdmin/41587.htm</a><br />
<br />
You may also want to take note of this 
<blockquote>
There is no feature available as yet with checkpoint to allow LDAP and RSA authentication working together. 
</blockquote>
 <a href="https://www.cpug.org/forums/archive/index.php/t-17611.html" rel="ugc">https://www.cpug.org/forums/archive/index.php/t-17611.html</a><br />
<br />
Consider creating another question if you have further doubts
</div>


<div>
<div class="content wysiwyg-content">
Hi i would like to know the simplest way to get two factor Authentication up and running within Checkpoint Mobile for our VPN logins <br />
Thanks.
</div>
</div>


Hi i would like to know the simplest way to get two factor Authentication up and running within Checkpoint Mobile for our VPN logins 
Thanks.

Checkpoint Mobile VPN two factor Authentication

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Internet Protocol Security

Mobile web development, also known as responsive web design, is an approach to web design aimed at crafting sites to provide an optimal viewing and interaction experience—easy reading and navigation with a minimum of resizing, panning, and scrolling—across a wide range of devices (from desktop computer monitors to mobile phones). A site designed with RWD adapts the layout to the viewing environment by using fluid, proportion-based grids, flexible images, and CSS3 media queries.

Mobile

Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.