Zyxel SMS Service for 2FA is down

Rolly
Rolly Posts: 7  Freshman Member
First Comment Nebula Gratitude Second Anniversary
edited April 2021 in Security

Good morning

The Zyxel SMS service for two factor authentication (2FA) for the ATP series Firewall is now down for 24 hours. We use it on all our customers firewall for SSL VPN and the admin login on the firewalls. So, now it is impossible to remotely login the firewall or set up a VPN. What is happening? Zyxel seems not doing anything, no announcement or any idea when it will be fixed.

Due to COVID-19 (Corona Virus) people should stay home and use home office by connecting with VPN, but this is not possible as 2FA is not working and nobody can login or set up a VPN.

Seems Zyxel just adds the cheapest service - probably some guys even got money from ViaNett - and then let the users alone. Unbelievable!

Cheers,

Rolly

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,296  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @Rolly

    What device and firmware are you current using?

    Can you collect the diagnose info and private message to us?

    Here is the step to collect diagnose info

    Go to Maintenance > Diagnostic > Diagnostics > Collect > click Collect now


    It will take 5~10 minutes to collect

    After done the the collection


    Go to Maintenance > Diagnostic > Diagnostics > Files to download the files and private message for us.


     

     

     

     

     

     

  • Rolly
    Rolly Posts: 7  Freshman Member
    First Comment Nebula Gratitude Second Anniversary

    Hi Jerry

    First, I have to explain the SMS Service to you, as you don't understand that it is impossible to log in without the SMS service once activated.

    The idea of the SMS service is to have a two factor authentication (2FA), so you do not only need the username and password, but you also receive an SMS with a code. This code you enter during the login process to the firewall.

    So, if you do not receive an SMS it is not possible to log in the firewall. Therefore it is also not possible to access any diagnostic data.

    Don't tell me like other people to exclude some user or protocols from the 2FA, as you know, a chain is only as strong as its weakest link.

    Finally the problem was caused by the SMS provider that was offline for two days.

    For such cases normally companies implement a small set up backup-codes - like Zyxel did with Nebula - or use a backup provider.

    Cheers,

    Roland

Security Highlight