PingID Administration Guide

Adding a RADIUS rule

To configure Checkpoint VPN for PingID multi-factor authentication (MFA), you must add a RADIUS rule.

Steps

  1. In the Checkpoint toolbar, click the Firewall tab.

  2. In the upper left-hand tree, click Policy.

    Result:

    The rules of the existing policy are listed.

  3. In the row for Any, in the No. column, right-click and select Add Rule → Above.

    A screen capture of the Add Rule menu cascade, accessed by right-clicking in the Number column and Any row.

    Result:

    A new row is added to this policy.

  4. In the new row, in the Source column, right-click Any, and then go to Add Objects → Add Legacy User Access.

  5. In the Legacy User Access window, select the RADIUS user configured earlier. Click OK.

    For more information, see Configure a RADIUS user profile.

    A screen capture of the Legacy User Access window.

  6. In the Destination column, right-click Any and select Network Object.

  7. In the Add Object window, select the VPN network configured by your network administrator. Click OK.

    A screen capture of the Add Object window.

  8. In the VPN column, right-click Any Traffic, and then click Edit Cell.

  9. In the VPN Match Conditions window, select Only Connections Encrypted in Specific VPN Communities.

    A screen capture of the VPN Match Conditions window.

  10. Add the RemoteAccess community to the rule.

    1. In the VPN Match Conditions window, click Add.

    2. Select RemoteAccess. Click OK.

    3. To return to the main menu, click OK.

  11. In the Action column of your RADIUS rule, right-click and select Accept.

  12. In the Track column of your RADIUS rule, right-click None, and then select Log.

    A screen capture of the Policy list, showing the new RADIUS rule.