SMS Service for Two Factor Authentication is down (admin login and SSL VPN)
Good morning
The Zyxel SMS service for two factor authentication (2FA) for the USG series Firewall is now down for 24 hours. We use it on all our customers firewall for SSL VPN and the admin login on the firewalls. So, now it is impossible to remotely login the firewall or set up a VPN.
What is happening? Zyxel seems not doing anything, no announcement or any idea when it will be fixed.
Due to COVID-19 (Corona Virus) people should stay home and use home office by connecting with VPN, but this is not possible as 2FA is not working and nobody can login to the firewall or connect a VPN.
Seems Zyxel just adds the cheapest service - probably some guys even got money from ViaNett - and then let the users alone. Unbelievable!
Cheers,
Rolly
All Replies
-
Hi @Rolly
We apologize for certain inconvenience you had met about the ViaNett server down event in the weekend. In addition to ViaNett, we had also deployed a new SMS feature which allow users to send the SMS message from other more reliable SMS service providers just by using email.
Here it is the example about how to configure :Email to SMS"
1. Setup SMTP function on your device
Go to CONFIGURATION > System > Notification > Mail Server Field your SMTP serve configuration.
a. Mail server
b. Mail server ports
c. Mail From
d. SMTP Authentication
Note: Be sure that the SMTP Server configuration is correct otherwise message will not be sent to SMS provider successfully.
2. Setup Email to SMS Provider configuration
Go to Configuration > system > Notification > SMS Select “SMS Provider” as Email to SMS Provider
Enter SMS Provider Email server domain name. Configure the sender mail address in “Mail From”
Note: Your SMS provider need to allow the email address which configured in “Mail From” to prevent the email is denied by SMS provider’s mailbox.
Moreover, the VPN 2FA via Google Auth. will be be launched in the near future. With VPN 2FA via Google Auth., the service down risk will be much lower than current one.
0 -
Does mean "Google Auth" google Authenticator? We are waiting for this. SSL VPN with OTP is perfect solution.
0 -
Hi @zdenek
Yes, it is already in a plan.
0 -
So - nearly one year later - how is the plan going?0
-
-
My Customer use the light client VPN SSL Secuextender. It is too simple to add OTP directly in client app or directly open URL after connect ?
Like Sophos (I don't like Sophos), but customers want the simplest method0 -
Hi @supportIconSA
Google Authentication already support for VPN scenario.(ZLD5.20 or above version)
You may suggest customer use Google Authentication.
If clients connected VPN tunnel by IPSec VPN Client, it will pop-out authentication page on browser directly.
The others VPN (SSL VPN/ L2TP....etc.) types, user still could open Authentication page by enter device IP address manually.
You can refer to handbook page 599
0 -
Hello, I know this function. But could you confirm that "YourDeviceIP" are the public IP or Internal IP address ?
If it's the public IP address I think this is a security risk/sometimes Authorized port was bloqued by Internet provider/Hotel/Public Wifi. In this case I suggest that we can pop up authentication page with inside IP.
0 -
Hi @supportIconSA
The authorize port could be Public or Private IP address. The reason is because the authorize URL could deliver by SMS or Email. User may click the URL by 2nd device which without VPN connection. Of course you can access authorize page by Internal IP address and block authorize port from WAN side.
IPSec VPN Client will auto deliver Internal IP address after connecting VPN tunnel. You can follow handbook to finish it.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight