

See the Check Point Support Center for a list of Remote Access solutions that support SSL. This configuration has been tested from a web browser SSL VPN session (with and without SSL Network Extender), the Check Point Mobile Enterprise app, the Check Point Mobile VPN app, and the preinstalled Check Point VPN client in Windows 8.1.

Read the enrollment documentation to learn more. You'll need to create your users in Duo ahead of time using one of our other enrollment methods, like directory sync or CSV import. This configuration doesn't support inline self-service enrollment.

Once configured, Duo sends your users an automatic authentication request via Duo Push notification to a mobile device or phone call after successful primary login.

If you are already running a Duo Authentication Proxy server in your environment, you can generally use that existing host for additional applications, appending the new configuration sections to the current config. This Duo proxy server also acts as a RADIUS server - there's usually no need to deploy a separate additional RADIUS server to use Duo. To integrate Duo with your Check Point Mobile Access VPN, you will need to install a local proxy service on a machine within your network.

Please refer to Duo Knowledge Base article 6328 for more information and suggested workarounds. This issue was resolved in version 5.0.2.

This seems like a "logical flaw" in the use of Capsule VPN and "Route All" and causes us a major headache.

A service request has been created with TAC waiting for input.

There is a known issue with Duo Authentication Proxy versions 5.0.0 and 5.0.1 and Check Point RADIUS Authentication.

So the issue we are having is that Capsule VPN ignores the Office Mode DNS-servers for lookups to external hosts and uses each client's local DNS-server, where some of these DNS-servers reject DNS-queries from the Firewall they connect via.
"Windows 8.1 Plugin and Capsule VPN app for Windows 10 can only resolve host names whose domain suffix is configured in the Office Mode Optional Param"

Solution has been working fine for the users that have tested this in a PoC but now that they have gone into production several users complain about multiple external internet-sites that don't work.

Checking known limitations, Capsule VPN Admin guide etc. we find no settings that should impact this, but in sk112164 we see that:

Customer also uses "Route all traffic" via the VPN-gateway (required). We have a customer that uses Check Point Capsule VPN Client and has defined Office Mode DNS-servers, internal DNS-suffix etc. I'm having an issue with Check Point Capsule VPN (Windows Store) Client and resolving external DNS-names.
