How to Disable 2FA on USG FLEX H via Configuration File

Zyxel_Emily
Zyxel_Emily Posts: 1,396  Zyxel Employee
Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

Question:
I copy a configuration file from one USG FLEX H firewall to another and are locked out due to 2FA settings being copied over. I cannot access the original firewall because it is sent for RMA. How to disable 2FA by modifying the configuration file?

Answer:
To disable 2FA and regain access to the USG Flex 200HP, follow these steps:

  1. Download the current configuration file from the locked-out firewall.
  2. Open the configuration file in a text editor.
  3. Locate and remove the following lines related to 2FA settings:
    / two-factor-auth admin-access 'service' 'web'
    / two-factor-auth admin-access user-list 'user' 'admin'
  4. Save the edited configuration file.
  5. Upload and apply the modified configuration file to the firewall.

After applying the modified configuration file, you should be able to access the web GUI without needing to handle 2FA.

See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community