2FA on both portal and gateway

Reply
Highlighted
L4 Transporter

2FA on both portal and gateway

If you have two factor auth on the portal and the gateway without using the cookie or passing the auth from the portal to the gateway will it ask you to authenticate twice?

Highlighted
Cyber Elite

Yes

Highlighted
L4 Transporter

@BPry

Makes sense that it would, but I can pass the authentication if I choose the cookie option can't I? I be that is what the native clients are not getting the routing information from the gateway cause they are only asked to authenticate once

Highlighted
L7 Applicator

Hi @jdprovine, hope you are well...

 

I dont think, in fact im pretty sure that native clients do not use the portal, they connect directly to the gateway.

 

so either i have got that wrong or you are having some other issues with routing info...

 

 

Highlighted
L4 Transporter

@MickBall

hope you are doing well too....

Well I had never thought of that, interesting. Do you know the technical reason why? Seems like if it went to the gateway it should get the route information

Highlighted
Cyber Elite

@jdprovine,

Not really a technical answer, but IPSec deployments are never implemented the same across devices. The firewall will only send route infromation in a certain manner, whether the end-device has been programmed to accept the route as given is a different story. Most vendors won't take the time to implement every single possible method and don't generally keep up with the changes made throughout all the different implementations. This is why VPN clients are offered; they can ensure that they are both passing/expecting the proper information.

 

I'm fairly positive that @MickBall is correct in the fact that native clients do not utilize the portal in the connection process. 

Highlighted
L7 Applicator

Spot on @BPry.

Highlighted
L4 Transporter

@BPry @MickBall

So I have both radisu and OTP enabled on the gateway and the portal do I need it on both

Highlighted
L7 Applicator

ooer... this could get confusing...

 

for native clients, just the gateway but if you have GP clients then you will also need it on the portal.

 

having it on both without cookie....    well it's an OTP so it cannot be used again for the gateway, thats why the authentication overide (cookie stuff)is there

 

 

 

Highlighted
Cyber Elite

So about these cookies ..... 

Cookie Sir.jpg

In all seriousness in your situation @jdprovine I would really recommend that you keep OTP on both and then just enable authentication override so that users don't have to enter the OTP twice. 

 

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!