MFA for VPN doesn't accept Google Authenticator OTP

Dear Community,

As I don't get an answer via ticket, hopefully you could help me.

I configured and installed everything according to

Checkpoint VPN Client asks for Google Authenticator OTP but unfortunately doesn't establish the VPN connection after entering the current OTP.
I'm getting the error "Access denied - wrong username or password"

Additionally, I tried entering the only configured policy for "CRPolicies" and "NetworkPolicies" in the RADIUS server registry under "HKEY_LOCAL_MACHINE\SOFTWARE\ZOHO Corp\ADSelfService Plus NPS Extension".
Checkpoint VPN Client hasn't asked for the Google Authenticator OTP after this change, although the user with which I tried to connect is in a selected Active Directory security group.

My questions are:
- What could be the problem, as it's not possible to establish a VPN connection when entering the right OTP from Google Authenticator?
- Why is Checkpoint Client not asking for the OTP when a policy is entered at CRPolicies or NetworkPolicies where the user in question is part of a selected Active Directory security group?
- What's the difference between CRPolicies and NetworkPolicies (as I couldn't find any documentation about this topic)?

Thank you in advance.
Br, Thomas