Few Remote Access clients that do not support Multi-Factor Authentication (MFA) are able to connect to a Security Gateway even though "Allow older clients" is disabled

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk166912
Technical Level
Severity	Low
Product	IPSec VPN, Mobile Access / SSL VPN
Version	R80.10, R80.20, R80.30, R80.40
Date Created	17-May-2020
Last Modified	30-Jul-2020

Symptoms

Few Remote Access clients that do not support Multi-Factor Authentication (MFA) are able to connect to a Security Gateway even though "Allow older clients" is disabled.

Cause

Non-default authentication settings for remote access were configured. "Allow older clients to connect to this gateway" is unchecked.

Authentication is configured under Multiple Login Options, however due to enforcement mishandling, few clients are still able to connect using different authentication scheme.

Solution

This problem was fixed. The fix is included in:

Jumbo Hotfix Accumulator for R80.40 since Take 48
Jumbo Hotfix Accumulator for R80.30 since Take 210
Jumbo Hotfix Accumulator for R80.20 since Take 156
Jumbo Hotfix Accumulator for R80.10 since Take 275

If you choose not to upgrade, Check Point can supply a Hotfix. Contact Check Point Support to get a Hotfix for this issue.
A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.
For faster resolution and verification, please collect CPinfo files from the Security Management Server and Security Gateways involved in the case.

Applies To:

PRHF-10855 , PRJ-12665

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating