MFA for Check Point VPN

Secure access with ADSelfService Plus


What is Check Point VPN?

Check Point VPN is a virtual private network (VPN) solution provided by Check Point Software Technologies. It creates secure, encrypted connections between remote users and corporate networks. This helps employees securely access their company resources while traveling or working from home. Check Point VPN is a client-to-site VPN that can be installed on Windows, Mac, iOS, and Android devices. It also provides a web-based portal to connect from a browser that doesn't require installation. Check Point VPN uses IPsec to provide a secure connection by authenticating and encrypting data between remote devices and your corporate network.

MFA software for Check Point VPN

To secure logins, Check Point VPN offers two-factor authentication utilizing SMS as the second factor. While this provides an additional layer of security by prompting you to enter an OTP, it isn't the most secure form of authentication. This is where an advanced VPN MFA solution like ADSelfService Plus comes in. With highly secure authentication methods and adaptive MFA, you'll enjoy a seamless and secure login process. ADSelfService Plus also helps you comply with regulations and mandates like NIST SP 800-63B, HIPAA, the NYCRR, the FFIEC, the PCI DSS, and the GDPR.

ADSelfService Plus offers an intuitive portal where you can select your preferred MFA authentication method from a wide range of one-way and challenge-based authenticators. An MFA policy can also be configured for a specific group of Check Point VPN users so all users in that group will be required to use the same login process.

Once Check Point VPN is set up with ADSelfService Plus, the login process is as follows:

  1. The user opens Check Point VPN.
  2. The user completes the first stage of authentication using their AD domain credentials.
  3. If successful, ADSelfService Plus initiates the MFA process involving up to three stages of authentication.
  4. Once the user completes the MFA process, they are logged into Check Point VPN.


Enabling MFA for Check Point VPN

Here's how you can configure ADSelfService Plus' MFA for Check Point VPN logins:

Prerequisites

  • Ensure you have a Professional Edition license of ADSelfService Plus with Endpoint MFA enabled.
  • Enable HTTPS in ADSelfService Plus by navigating to Admin > Product Settings > Connection.
    Note: If you are using an untrusted certificate in ADSelfService Plus for HTTPS, disable the Restrict User Access when there is an Invalid SSL Certificate option under Configuration > Administrative Tools > GINA/Mac/Linux (Ctrl+Alt+Del) > GINA/Mac/Linux Customization > Advanced.
  • The access URL configured under Admin > Product Settings > Connection > Configure Access URL will be used by the NPS extension to communicate with the ADSelfService Plus server. Ensure the access URL is updated before installing the NPS extension.
  • In Active Directory, set the Network Access Permission to Control access through NPS Network Policy in the users' Dial-in properties.
  • Configure your Check Point VPN gateway to use RADIUS authentication.
  • The RADIUS server must be a Windows Server (Windows Server 2008 R2 or later) with the NPS role enabled.
  • On the Windows NPS server, set the authentication settings of the Connection Request Policy to Authenticate requests on this server.
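
One way to audit the Active Directory dial-in prerequisite above before rolling out MFA (an added example, not ManageEngine's or Check Point's own code). In AD, the Network Access Permission is stored in the msNPAllowDialin attribute, and Control access through NPS Network Policy corresponds to that attribute being unset. The function name Get-DialInPermission, the sample accounts, and the VPN-Users group are assumptions made for illustration.

```powershell
# Added example: classify the Dial-in "Network Access Permission" of VPN users.
# msNPAllowDialin: not set = Control access through NPS Network Policy
#                  $true   = Allow access
#                  $false  = Deny access
function Get-DialInPermission {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        $value = $User.msNPAllowDialin
        $setting = if ($null -eq $value) {
            'Control access through NPS Network Policy'
        } elseif ($value) {
            'Allow access'
        } else {
            'Deny access'
        }
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Setting        = $setting
            MeetsPrereq    = ($null -eq $value)   # only the unset state satisfies the prerequisite
        }
    }
}

# Constructed sample objects standing in for Get-ADUser output (not real accounts).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; msNPAllowDialin = $null  }
    [pscustomobject]@{ SamAccountName = 'bob';   msNPAllowDialin = $true  }
    [pscustomobject]@{ SamAccountName = 'carol'; msNPAllowDialin = $false }
)

# List only the accounts that deviate from the prerequisite (bob and carol here).
$sample | Get-DialInPermission | Where-Object { -not $_.MeetsPrereq }

# Against a live domain (requires the ActiveDirectory module;
# 'VPN-Users' is a hypothetical group name):
# Get-ADGroupMember -Identity 'VPN-Users' -Recursive |
#     Where-Object objectClass -eq 'user' |
#     Get-ADUser -Properties msNPAllowDialin |
#     Get-DialInPermission | Where-Object { -not $_.MeetsPrereq }
```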

Configuring ADSelfService Plus

Step 1: Enable the required authenticators

  1. Log in to ADSelfService Plus as an administrator.
  2. Navigate to Configuration > Self-Service > Multi-factor Authentication > Authenticators Setup.
  3. Enable the required authenticators for the Check Point VPN login.
  4. Click Save.

Step 2: Enable MFA for VPN logins

  1. Go to the MFA for Endpoints tab.
  2. From the Choose the Policy drop-down menu, select a policy, which will determine the users for whom MFA for VPN login will be enabled. Click here to learn more about creating an OU- or group-based policy.
  3. In the MFA for VPN Logins section, check the box and choose the number of authentication factors and the authentication methods using the drop-down options.
  4. Click Save Settings.

Step 3: Install the NPS extension

Install the NPS extension and restart the NPS Windows service.

The setup is complete. Users will be prompted for MFA when they log in to Check Point VPN to verify their identities using the chosen authentication methods.

Choose from a wide range of authenticators

  1. Microsoft Authenticator
  2. YubiKey
  3. SMS and email verification
  4. Zoho OneAuth TOTP

Advantages of implementing ADSelfService Plus' MFA

  • Conditional access

    By evaluating risk factors like IP address, access time, device, and location, you can increase or decrease security measures depending on the situation. For example, MFA requirements can be increased for logins from unfamiliar devices or during off-peak hours.

  • Real-time audit reports

    Gain comprehensive insights into user MFA activity with detailed reports on attempted times, device types, and IP addresses. Also get reports on all MFA-enrolled users, MFA failures, and trusted devices. These reports can be scheduled to generate at regular intervals and delivered to email addresses of your choice.

  • Complete endpoint protection

    Expand your authentication options to include Windows, macOS, and Linux machines, as well as leading VPN providers. MFA can also be implemented for Outlook on the web logins and endpoints that support RADIUS authentication.

Supported VPN providers and non-VPN RADIUS endpoints:

  • Juniper VPN
  • Fortinet VPN
  • Palo Alto VPN
  • Cisco ASA AnyConnect VPN
  • SonicWall VPN
  • Check Point VPN
  • Citrix Gateway
  • Microsoft Remote Desktop Gateway
  • VMware Horizon View


ADSelfService Plus also supports

  • Adaptive MFA

    Enable context-based MFA with 19 different authentication factors for endpoint and application logins.

  • Enterprise single sign-on

    Allow users to access all enterprise applications with a single, secure authentication flow.

  • Remote work enablement

    Enhance remote work with cached credential updates, secure logins, and mobile password management.

  • Powerful integrations

    Establish an efficient and secure IT environment through integration with SIEM, ITSM, and IAM tools.

  • Enterprise self-service

    Delegate profile updates and group subscriptions to end users and monitor these self-service actions with approval workflows.

  • Zero Trust

    Create a Zero Trust environment with advanced identity verification techniques and render your networks impenetrable to threats.
