USG20-VPN two factor authentication
kboroumand
Posts: 8 Freshman Member
I'm trying to activate 2 factor authentication via email for our SSL VPN users.
I've already setup SMTP mail settings and my device is able to send emails using the instructions below.
But I'm stuck on the final step. I've added email addresses to my users and enabled Two Factor Authentication and I'm choosing From Interface-->WAN as in picture below. I'm under the impression that when I try to connect with my Zywall Secuextender VPN client I should get an email with a link of some kind as the second factor authentication but I'm not getting anything.
Am I using the correct method to enable two factor authentication for a VPN client connection?
I've already setup SMTP mail settings and my device is able to send emails using the instructions below.
But I'm stuck on the final step. I've added email addresses to my users and enabled Two Factor Authentication and I'm choosing From Interface-->WAN as in picture below. I'm under the impression that when I try to connect with my Zywall Secuextender VPN client I should get an email with a link of some kind as the second factor authentication but I'm not getting anything.
Am I using the correct method to enable two factor authentication for a VPN client connection?
- Log in to the unit by entering its IP address and the credentials for an admin account (by default, username is “admin”, password is “1234”)
- Configure your L2TP / IPSec / SSL connection as desired
- Navigate to Configuration > Object User/Group > User to create or edit a user
- Take care to fill in a valid mail address to which the second auth. factor for this user will be sent
- Put this user into the allowed VPN users group in the tab “Group”
- Navigate to Configuration > System > Notification > Mail Server and fill in the credentials for a SMTP server (if you don´t own a mail server, you can use a free Gmail account for example)
- Navigate to Configuration > Object > Auth. Method > Two-factor Authentication to enable this feature for the desired VPN (SSL / L2TP / IPSec)
- Under “User/Group” you can select the users which should authenticate using 2 FA
- Under “Delivery Settings” enable “Email”
- Under “Authorize Link URL Address” you can chose “From Interface” and the respective interface or “User-Defined” to enter an IP address or (DynDNS-) domain name
0
Comments
-
hi,
were you able to get this worked out. one note i saw in the guide was to make sure your device is registered.
i have a slight different issue. i get the email but i am ABLE to access resources before the 2 factor. is this a firewall configuration issue i have?
1 -
Ho fatto gli stessi passaggi, il client vpn mi apre il tunnel ma non mi funziona il two-factor mode... qlc puo aiutarmi??
0 -
fabiobizz said:Ho fatto gli stessi passaggi, il client vpn mi apre il tunnel ma non mi funziona il two-factor mode... qlc puo aiutarmi??0
-
udoc said:
hi,
were you able to get this worked out. one note i saw in the guide was to make sure your device is registered.
i have a slight different issue. i get the email but i am ABLE to access resources before the 2 factor. is this a firewall configuration issue i have?
Having to guess, I think it's designed to only work with the new Zywall VPN client that you have to purchase separately, and that the original SecuExtender client is just broken and doesn't do 2FA. I don't know if that's true or not but if I find out that it is, the Zyxel's going on the garbage and I'm replacing it with another vendor solution. I primarily support enterprise firewalls and they don't charge money for their SSL VPN client software.0 -
Hi @peacockinds,When 2FA for SSL VPN is enabled, SecuExtender SSL VPN client cannot access the LAN resource without 2FA authorization.Here is the video for your reference.
Windows version of SecuExtender SSL VPN client SSL_VPN_Client_4.0.4.0 is used in this test. This is free version of SecuExtender SSL VPN software.
https://www.dropbox.com/s/o2u2rdkw0gg2bcz/ssl_vpn_2FA.wmv?dl=0
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight