Info 2FA ZYXEL FIREWALL VPN100

Hello everyone, we have a zyxel vpn 100 firewall and we are having a problem with 2 factor authentication, we are unable to receive email on active directory domain users. By doing a test we saw that the daily firewall reports arrive via email but the emails to authorize users to enter our domain do not. Can you explain the problem to us?

Thank you,
Greetings

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Answer ✓

    Hi @Marcointegrated,

    After VPN100 is upgraded to 536ABFV1ITS-23WK21-0525-230501004, SSL VPN with 2FA is working. Please monitor the status and check if the issue is resolved.

«1

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @integratedsolutions,

    Hi @integratedsolutions,
    The issue appears when Two-factor Authentication > VPN Access > User/Group > Selected User/Group contains user object. We will release 5.36 patch 1 to fix the issue this week. Before the firmware is released, please remove the individual user objects from Selected User/Group and use "any" temporarily.

  • Marcointegrated
    Marcointegrated Posts: 21  Freshman Member
    First Comment First Anniversary

    good evening, the problem remains the same even if you remove the "test" user. On the contrary, if I leave the local test user, the email arrives regularly, while if I connect with an ACTIVE DIRECTORY domain user, no email arrives. Can you give a solution please? Thank you

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @integratedsolutions

    5.36(ABFV.1) is officially released. It contains fix of 2FA mail issue. Please upgrade VPN100 to 5.36(ABFV.1) and check if 2FA mail is able to be delivered to the user's email.

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi Marcointegrated

    5.36(ABFV.1) is officially released. You can upgrade VPN100 to 5.36(ABFV.1) and check if 2FA mail is able to be delivered to the user's email. If the AD user is still not able to receive 2FA mail, please send the remote access of your VPN100 in private message. Thanks!

  • Marcointegrated
    Marcointegrated Posts: 21  Freshman Member
    First Comment First Anniversary

    Good evening,
    I upgraded to version 5.36(ABFV.1) but the firewall still doesn't send 2fa emails with active directory users who are on the domain controller. If, on the other hand, I create a user, for example the one in the "test" photo and within the email arrives and authorizes access. Can we maybe do a remote session to understand the problem?

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi Marcointegrated,

    Let's arrange the remote session in private message.

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @Marcointegrated,

    Per our talk on the Skype, we already fixed the issue and will upgrade your VPN100 to the latest firmware tomorrow. Then you can start running the test and check if AD users are able to receive 2FA mail.

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Answer ✓

    Hi @Marcointegrated,

    After VPN100 is upgraded to 536ABFV1ITS-23WK21-0525-230501004, SSL VPN with 2FA is working. Please monitor the status and check if the issue is resolved.

  • Hi @Zyxel_Emily , sorry to use @Marcointegrated thread but I've the same problem on my vpn300 (FW VERSION V5.36(ABFC.2) / 2023-05-24 02:17:06)


    Local users are properly receiving 2fa emails while AD users don't.

    Logs for local users:
    387 2023-07-12 16:26:09info authentication-server two-factor auth.send E-mail to user: vpnxxx, email:mas********************com. User(vpnxxx) is waiting to authorize

    388 2023-07-12 16:26:10info userTwo-factor Authentication mail has been sent to user(vpnxxx) successfully.

    Logs for AD users:
    739 2023-07-12 16:32:04info authentication-server two-factor auth.send E-mail to user: firstname.lastname, email:mas********************com. User(firstname.lastname) is waiting to authorize

    AS YOU CAN SEE HERE ISN'T WORKING (EMAIL DOESN'T ARRIVE) AND IS ALSO MISSING A CONFIRMATION LOG, SAME AS #388 FOR LOCAL USER (the mail address is the same)

    The problem occurred suddenly, i've tried to reboot and reset the firewall too (imported last working configuration after reset)

    Could you help me? Thanks!

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @massimo_alonzi,

    We already fixed the issue in 5.37. You can upgrade the device to 5.37 to check if the issue is resolved.

Security Highlight