Flex H Series - 2FA Page with FQDN

Rathos
Rathos Posts: 5  Freshman Member
Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Security First Comment
in Security Ideas

Hello together

We would like to have a possibility to assign an FQDN to the 2-FA page. However, this would require the internal DNS to be accessible before verifying with the 2-FA. The reason for our request is that we would like to store a certificate on the firewall so that the browser no longer displays the message that the page is insecure.

vpn-page.png

Best regards

Niklas R.
System Enginner @ DQ Solutions in Switzerland

6
Up Down
6 votes

Active · Last Updated

Comments

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,579  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @Rathos ,

    Based on your screenshot, it appears you're inquiring about Remote VPN access. When using a remote access VPN to establish a tunnel, all traffic is encapsulated within the encrypted tunnel, so it is acceptable for the 2FA page to use non-HTTPS links.

    To meet your requirements, the 2FA authentication URL can be changed from HTTPS to HTTP. For example, changing from https://10.10.1.2:4433 to http://10.10.1.2:4433. Please refer to the configuration here:

    image.png

    Untitled Image

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

  • PeterUK
    PeterUK Posts: 3,387  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    what they want is this from FLEX200

    Screenshot 2024-09-20 044241.png
    Screenshot 2024-09-20 044147.png
    Screenshot 2024-09-20 044210.png

  • Rathos
    Rathos Posts: 5  Freshman Member
    Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Security First Comment

    Hi Judy

    We would still prefer using an FQDN for a more professional appearance. Would we be able to switch to User-Defined and then access the authorization page via an FQDN using the WAN IP, as Peter mentioned?

    Best regards
    Niklas

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,579  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @Rathos ,

    You can try to use the configuration on H series.

    image.png

    Untitled Image

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

  • PeterUK
    PeterUK Posts: 3,387  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited October 1

    Problem is Judy it don't work it uses the default certificate

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,579  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi user,

    We are considering this as a potential feature for future evaluation. We'll investigate carefully about that.

    Untitled Image

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)