Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Home >   Check Point Forums >   Software Blades and Gateways >   Mobile Access / SSL VPN

Thread: Mobile Access - User is unauthorized

Welcome, Guest Help
Login Login
Guest Settings Guest Settings
This question is not answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 5 - Pages: 1 - Last Post: Mar 30, 2017 2:32 AM by: Steven Love Threads: [ Previous | Next ]
Roy Smith

Posts: 2
Registered: 1/22/14
Mobile Access - User is unauthorized
Posted: Jul 23, 2015 7:06 PM
 
  Click to reply to this thread Reply

Hi

We have 2 appliances in 2 separate datacentres. The appliance in our primary DC had mobile access
installed and was working fine. We recently installed mobile access on the appliance in the other DC.

Since then, we have had intermittent issues logging on to the mobile access portal. When you log in it returns a "user is unauthorised" message. If you try again it may either fail or succeed. This appears to be quite random.

This issue seems to have happened since enabling mobile access on the second appliance, but I'm not sure this is related or just a coincidence.

Has anyone come across this issue before? Anyone got any ideas?

Thanks in advance.

Eber Aparecido ...

Posts: 7
Registered: 3/25/15
Re: Mobile Access - User is unauthorized
Posted: Apr 8, 2016 11:43 PM   in response to: Roy Smith
 
  Click to reply to this thread Reply

Hi,

You check Mobile access option "Policy"?

Best regards,

Eber

Ken Lin

Posts: 1
Registered: 1/26/16
Re: Mobile Access - User is unauthorized
Posted: Jul 21, 2016 5:13 AM   in response to: Roy Smith
 
  Click to reply to this thread Reply

Hey guys

I have the same problem

Do U solve it ?

Gabriel Quarty

Posts: 1
Registered: 7/31/13
Re: Mobile Access - User is unauthorized
Posted: Aug 2, 2016 12:24 AM   in response to: Roy Smith
 
  Click to reply to this thread Reply

Hey Roy

What type of users having this problem? ldap? internal checkpoint users? two factors authentication? What are they using for authentication?

I will recommend creating an internal checkpoint user and test with that. If the problem persist, you will have to debug cvpnd.

Makarand Thite

Posts: 2
Registered: 2/25/14
Re: Mobile Access - User is unauthorized
Posted: Mar 18, 2017 4:52 PM   in response to: Gabriel Quarty
 
  Click to reply to this thread Reply

HI

I have also the same problem and very random.

We are using LDAP for athentication

Steven Love

Posts: 1
Registered: 7/19/16
Re: Mobile Access - User is unauthorized
Posted: Mar 30, 2017 2:32 AM   in response to: Roy Smith
 
  Click to reply to this thread Reply

This is very similar to a problem we are having trying to get the Check Point Mobile Access Blade (MAB) working with a Microsoft On-premise MultiFactor Authentication (MFA) server. We have the AD/LDAP objects configured on the Check Point in order to use the Groups in the MAB. The MFA server is a RADIUS client. If we simply use a "generic" group, the user authentication is successful every time. If we attempt to utilize the groups from the AD object in the rules, we successfully authenticate to Radius (Second factor - phone call) and AD but intermittently get the "User is unauthorized". The corresponding log entry indicates "No access rules defined for users". If you try 2 or 3 or maybe 4 times, it will work as expected

We too have found no pattern in when it works and when it fails, and not much in the logs that point us toward the actual source of the problem.

I came across SK112374 that might be related and describes our symptoms exactly except the random work/fail. But it alludes to the issue as being an LDAP problem not returning part of the query that is needed to tell it which group the user belongs to. I hope to dig into this in the next day or two and determine if it is part of the problem.
(https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk112374 )

I would be happy to hear from anyone who has successfully integrated a Microsoft MFA solution (as Radius) with the Check Point MAB and using groups (from AD fw object) as they should be used in the MAB.

Legend
Expert: 751 + pts
Advanced: 301 - 750 pts
Enthusiast: 101 - 300 pts
Novice: 0 - 100 pts
Check Point
Helpful Answer (5 pts)
Correct Answer (10 pts)