USG Flex 200 and Google Authenticator for vpn
I have this machine, with ipsec vpns, and I would like to setup 2FA with Google Authenticator
I saw this guide for USG Flex 500:
https://support.zyxel.eu/hc/en-us/articles/360018356680-Firewall-Configure-2FA-with-Google-Authenticator-for-Admin-Access
And in "step" 1 I see a page that shows "Google Authenticator".
Instead, in my Device when I open user properties I see this:
Am I missing something?
Accepted Solution
-
Hi there,
Thank you for providing your remote access information.
The root cause of the issue is that the vpn2 user was set as a "guest" user type. Please follow the steps outlined in the FAQ provided on the forum, and ensure the "user type" is set to "user."
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0
All Replies
-
Hi @valerio_vanni ,
The guide you found explains how to configure 2FA with Google Authenticator for Admin Access, not for VPN users.
To configure 2FA with Google Authenticator for VPN users, please refer to the article below:
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0 -
I now see this other guide, but I'm stuck at the same point: when I edit the user, I should see
But instead, as I told in my first message, I see this:
"Verify by SMS/Email" is not a button, it's simple text. In this page there's nothing to configure.
If I go to "Auth. Method", I see this:
And I don't find anything wrong.
0 -
Hi @valerio_vanni ,
Please ensure that your USG FLEX 200 is running the latest firmware version, 5.39(ABUI.0)C0.
If the issue persists, please check your community inbox for instructions on how to provide us with a remote session. We'll access your firewall directly to investigate further.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0 -
Hi there,
Thank you for providing your remote access information.
The root cause of the issue is that the vpn2 user was set as a "guest" user type. Please follow the steps outlined in the FAQ provided on the forum, and ensure the "user type" is set to "user."
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0 -
Thank you, I missed user type.
So far, for vpn I used "guest" type (I choosed the minimum level needed).
0 -
With "user" type, configuration was successful and 2FA works.
The only missing piece is automatic popup of auth page when tunnel builds up.
In Secuextender configuration I don't find any setting about 2FA
To make it appear, I had to use "when tunnel is opened" script. But shouldn't it appear automatically?
0 -
Hi @valerio_vanni ,
Based on your description, it seems the authentication page popup appears after using the "when tunnel is opened" script. This behavior is intentional and designed to give users the flexibility to choose whether they want to use the authentication page popup.
Please note that in addition to importing the script, you can also retrieve it using the "Get from Server" option.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0 -
I didn't import any script, I simply put the address https://LAN1IP:8008 in line.
It's passed to Windows and then it's opened with default browser.
I wrote my last message because I thought it was a workaround and that it should open by itself.
About the "get from server" method: I usually configure clients by hand, but I'm curious: if I wanted to use it, where should I configure script options server side?
0 -
Hi @valerio_vanni ,
To better assist you, please let us know:
- Which VPN client/software you are using
- Your SecuExtender version number
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0 -
I have a mix of software on clients. On most, it's Secuextender 3.8.204.61.32.
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 264 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 244 Service & License
- 383 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 84 About Community
- 71 Security Highlight