
lsr4m (lsr4m) asked a question.
Hey!
I've configured RADIUS authentication with Okta for Check Point VPN but I'm getting invalid credentials (access denied) every time I try to log in with correct credentials. I've checked thoroughly that the secret key matches in Okta and Check Point, and the requests from Check Point go to the RADIUS server and then come to Okta. The secret key doesn't contain any special characters and is a very simple key. This was tested and was working in the Okta sandbox but doesn't work in production. Any pointers on what could be the issue here?

Have you enabled MFA? Does it authenticate the user and password by Okta or by Check Point? Could you provide the RADIUS settings and log?
MFA is enabled for my user. In test, it worked fine (after authentication, I got a prompt from Check Point for SMS or push, 1 or 2) but it doesn't seem to work in production. The authentication is via Okta, i.e. the user logs in to the Check Point app with username and password, and Check Point forwards the request to the RADIUS server, which authenticates against Okta.
See log snippet below:
2023-02-22 08:08:14 UTC [oktar01p, pool-2-thread-7, radiusRequestId=bofvEtyiIW, user=***, requestType=primary] : WARN - Authentication failed for user ***, reason --- Access denied. Invalid creds?
2023-02-22 08:08:14 UTC [oktar01p, pool-2-thread-7, radiusRequestId=bofvEtyiIW, user=***, requestType=primary] : INFO - send response: Access-Reject, ID 203
Reply-Message: Authentication failed for user ***, reason --- Access denied. Invalid creds? to /***.***.***.**:*****
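Added example (not part of the thread and not Okta's own tooling): a small Python triage script that groups agent log lines like the ones above by radiusRequestId and reports, per request, the stage (requestType), the RADIUS response and the logged reject reason. The line layout is inferred from the lines posted here, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Layout inferred from the agent log lines quoted in the thread (an assumption,
# not a documented format): "<ts> UTC [host, thread, key=value, ...] : LEVEL - msg".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UTC "
    r"\[(?P<ctx>[^\]]*)\] : (?P<level>[A-Z]+) - (?P<msg>.*)$"
)
RESPONSE_RE = re.compile(r"send response: ([\w-]+), ID (\d+)")

# Sample input: the lines from the post, masked exactly as posted.
SAMPLE = """\
2023-02-22 08:08:14 UTC [oktar01p, pool-2-thread-7, radiusRequestId=bofvEtyiIW, user=***, requestType=primary] : WARN - Authentication failed for user ***, reason --- Access denied. Invalid creds?
2023-02-22 08:08:14 UTC [oktar01p, pool-2-thread-7, radiusRequestId=bofvEtyiIW, user=***, requestType=primary] : INFO - send response: Access-Reject, ID 203
Reply-Message: Authentication failed for user ***, reason --- Access denied. Invalid creds? to /***.***.***.**:*****
"""

def parse_line(line):
    """Return a dict for one log record, or None for a continuation line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = [p.strip() for p in m.group("ctx").split(",")]
    rec = dict(p.split("=", 1) for p in parts if "=" in p)
    rec.update(ts=m.group("ts"), level=m.group("level"), msg=m.group("msg"))
    return rec

def summarize(text):
    """Group records by radiusRequestId and collect stage, response and reasons."""
    requests = defaultdict(lambda: {"stage": None, "response": None,
                                    "radius_id": None, "reasons": []})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or "radiusRequestId" not in rec:
            continue  # e.g. the Reply-Message attribute line that follows a response
        req = requests[rec["radiusRequestId"]]
        req["stage"] = rec.get("requestType")
        if rec["level"] == "WARN" and "reason ---" in rec["msg"]:
            req["reasons"].append(rec["msg"].split("reason ---", 1)[1].strip())
        sent = RESPONSE_RE.search(rec["msg"])
        if sent:
            req["response"], req["radius_id"] = sent.group(1), int(sent.group(2))
    return dict(requests)

if __name__ == "__main__":
    for rid, req in summarize(SAMPLE).items():
        print(rid, req)
```

For the lines posted, the summary shows a single request that was rejected with requestType=primary, which is the field to compare against the equivalent request in the sandbox agent's log.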
@lsr4m (lsr4m)
So this setting, "Okta performs primary authentication", is enabled?