Flex 500 Full Tunnel SSLVPN with 2FA Authorization Problem
Hello,
We have set up SSLVPN + Windows AD + Two-FA (Email) on Flex500. The setup has been completed and tested successfully. However, the client has another requirement, which is to use SSLVPN Full Tunnel. But this creates a contradictory situation:
When the user authenticates with the Windows AD username and password and obtains the IP distributed by SSLVPN, Flex500 sends an AUTHORIZE email to the user. But because SSL Full Tunnel Mode is enabled, all traffic is directed to Flex 500. However, this traffic has not yet been authorized, which prevents the user from connecting to the Internet and the company’s Mail Server to receive emails, resulting in SSLVPN being unable to connect.
How should this issue be solved?
Best Answers
-
Hi @Peter_EO,
Yes, it's a chicken-or-the-egg situation. You need another client device (ex: mobile phone) to get the token in the email.
Impossible with the VPN client device only.
Or you need to use Google Authenticator or SMS to get token instead of email.
0 -
Hello @Peter_EO
You could refer to this FAQ: How to Use Two Factor with Google Authenticator for VPN Access? If you build a VPN tunnel by SSL VPN or L2TP VPN, you have to enter the correct URL to enter the verification code. Thanks.
0
All Replies
-
Hi @Peter_EO
"We have set up SSLVPN + Windows AD + Two-FA (Email) on Flex500. The setup has been completed and tested successfully." When establishing an SSL VPN connection, did you enable Full Tunnel mode? Could you share screenshots of both successful and failed SSL VPN settings with us? We would like to know your settings. Thanks.
0