Flex500 MFA for SSL VPN - setup Authenticator from Remote

Gileraracer
Gileraracer Posts: 2
First Comment
in Security

Hello everyone,

we use a FLEX500 with latest firmware and several SSL VPN Logins for people that work at remote places. Out of security considerations we want to implement MFA (TOTP) for all remote workers but are having a hard time rolling it out without them coming to the office.

From what i read in the manual an from my experience, when setting a login to force MFA via Google Authenticator there is no way to allow that person in the remote workplace (homeoffice) to set up his/her authenticator, is that right?

I only found the solution to log in with an admin and let the user scan the QR Code with the authenticator app.

Is there any possibility to enable MFA via Authenticator for users that are far away without either 1) needing them to come to the office or 2) doing a remote teamviewer session with each and everyone?

From other products i am used to the possibility that, after the first login with MFA forced, the user can set up the Google AUthenticator himself either with a QR Code or a simple code.

Thanks in advance and best regards,

Dom

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,174
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
     Zyxel Employee
    edited June 29 Answer ✓

    Hi @Gileraracer,

    In the current design, the user needs to set up the Google Authenticator by scanning the QR code on the administrator portal. We will move this request to idea section for future evaluation. Thanks for your suggestion.

    image.png

    Click this link to start: https://bit.ly/3R2Wx52
    Emily

All Replies

  • Gileraracer
    Gileraracer Posts: 2
    First Comment

    Hi and thanks for your reply.

    Unfortunately, for a large number of remote workers, this is very ill-conceived. I hope the idea will be implemented.

    I have now set up a test user and activated MFA. When he now logs in via SecuExtender he does not see a window where he can enter the code from the Google Authenticator. Should a window appear here? Or where does an end user enter the code?

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,174
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
     Zyxel Employee
    edited July 4

    Hi @Gileraracer,

    Which type of SecuExtender are you using? Is it SSL VPN Client or IPSec VPN Client?

    If you use Zyxel VPN Client to establish VPN tunnel, it will pop up authentication page on browser automatically. For SSL VPN, you have to enter correct URL on browser manually. (e.g. https://YourDeviceIP:8080)

    You can find more information on page 599 in the handbook.
    How to Use Two Factor with Google Authenticator for VPN Access


    image.png

    Click this link to start: https://bit.ly/3R2Wx52
    Emily

Categories

Security Highlight


Read more

Security Help Center

  • FAQ
  • New & Release
  • Monthly Express
  • Threat Intelligence
  • Video Tutorials
    • EnglishTiếng ViệtРусскийไทย中文(台灣)