Check Point

Introduction

The purpose of this guide is to provide guidelines on how to integrate Mideye two-factor authentication with Check Point.

Prerequisites & general issues

A Mideye Server (any release). If there is a firewall between the Check Point and the Mideye Server, it must be open for two-way RADIUS traffic (UDP, standard port 1812). The Check Point acts as a RADIUS client towards the Mideye Server. Hence, the Check Point must be defined as a RADIUS client on the Mideye Server. Refer to the Mideye Server Configuration guide for information on how to define a new RADIUS client.

Integration steps

Add host

Open object explorer and add new host, representing the server running Mideye server software.

Add RADIUS server

Open object explorer and add a new RADIUS server.

Enter an appropriate name.

In the Host drop-down box, select the previously created host object.

Enter the RADIUS shared secret defined in the Mideye Server for this client, if the Mideye Server has not been created yet choose a shared secret here that later will be added to the Mideye Server as well.

Set the RADIUS version to 2.0.

Make sure that the protocol type is set to PAP and that the service object selected reflect the port Mideye Server is listening on (RADIUS standard port is UDP/1812).

Repeat the process if redundant servers are used.

Create RADIUS server group

Create a RADIUS server group and add the server(s).

Create and configure authentication method

Edit the relevant gateway object and navigate to Mobile Access section.

Under “Multiple Authentication Clients Settings”, add a new Authentication option for Mideye RADIUS authentication (remove any existing options if all clients should authenticate with Mideye two-factor authentication).

Change RADIUS timeout

The RADIUS timeout needs to be increased to 35 seconds to allow the user enough time to login.

Open the “Global Properties” configuration from Smart Console.

Navigate to “FireWall-1 -> Authentication -> RADIUS” in the left pane.

Set “radius_treant_num” to “1”.

Set the “radius_retrant_timeout” value to “35”.

Press OK and install policy on the gateway.

Add Check Point as a RADIUS client in the Mideye Server

See section RADIUS clients in the reference guide.

Troubleshoot

Check RADIUS-logs

Check if anything is written to the Mideye RADIUS logs. These can be found in:

Mideye Server\log\radius-messages.log

If nothing is logged, verify that udp/1812 is allowed between your Check Point and Mideye Server.

Contact Mideye support

For further support please contact Mideye support, support@mideye.com, +46854514750.