USG Flex 200 and Google Authenticator for vpn

2»

All Replies

  • Sandro_ACP
    Sandro_ACP Posts: 4  Freshman Member
    First Comment Second Anniversary

    My ATP200 show a different menu…are you on the latest firmware with your FLEX 200? I Am…

  • valerio_vanni
    valerio_vanni Posts: 88  Ally Member
    First Answer First Comment Friend Collector Second Anniversary

    I am on latest firmware too.

    My issue was that users had "guest" type instead of "user", and on that type you cannot enable Google Authenticator options.

    Your menu is different because your user is admin. On admin users mine is identical to yours.

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,579  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @valerio_vanni ,

    Once the VPN is configured on the firewall, you should be able to directly click "Get from Server" to retrieve the script.

    Note:

    • With SecureExtender version 3.8.204.61.32 new VPN client for USG FLEX 200 can only use IP Sec VPN (IKEv2 VPN)
    • SecureExtender version 3.8.204.61.32 reached its EOL, which means our support for this model will be limited.

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

  • valerio_vanni
    valerio_vanni Posts: 88  Ally Member
    First Answer First Comment Friend Collector Second Anniversary

    Ok, I can "Get from server", and for sure I'll get phase1 and phase2 parameters, but if I can download a script the script need to be on the server. And how do I upload the script to server?

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,579  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @valerio_vanni ,

    Could you please clarify - are you trying to modify the downloaded VPN script from server (firewall) and upload these changes back to change the server's configuration?


    If so, please note that this is not possible. The SecuExtender client cannot be used to modify server configurations. The "Get from Server" feature is designed as a one-way process that allows clients to conveniently download pre-configured VPN settings from the server. However, the server-side configuration still needs to be set manually.

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

  • valerio_vanni
    valerio_vanni Posts: 88  Ally Member
    First Answer First Comment Friend Collector Second Anniversary

    Could you please clarify - are you trying to modify the downloaded VPN script from server (firewall) and upload these changes back to change the server's configuration?

    I'm not trying anything, I config client by hand.

    But I'd like to understand how this thing works (let's say a day I decide to use it…)

    You said that client can retrieve script with "get from server". Ok, this sounds good.

    I'm not talking about modify and upload back. I'm talking about uploading the script to the server in the first time.

    So, where in USG Flex 200 interface do I find a "script upload"?

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,579  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @valerio_vanni ,

    where in USG Flex 200 interface do I find a "script upload"?

    Could you please elaborate on what you mean by "script upload"? We need more details to better understand your question.

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

  • valerio_vanni
    valerio_vanni Posts: 88  Ally Member
    First Answer First Comment Friend Collector Second Anniversary

    I try to explain better.

    You said:

    >Once the VPN is configured on the firewall, you should be able to directly click "Get from Server" to >retrieve the script.

    Ok, I understand that with "get from server" I can retrieve the script.

    But what script do I retrieve?

    Is it a script previously uploaded on firewall?

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,579  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi there,

    The script available through "Get From Server" is generated after you configure VPN using either the Wizard or manual setup.

    Please note that when using the VPN Wizard, you can only view this script once, immediately after completing the configuration process.

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

  • valerio_vanni
    valerio_vanni Posts: 88  Ally Member
    First Answer First Comment Friend Collector Second Anniversary

    I always use manual config, I don't remember any script appearing after config… perhaps I didn't noticed it.

    Now I have another, more important, question: is 2FA supposed to work on L2TP vpn?

    I did some test and it didn't work.

    The tunnel goes up, and traffic starts to flow. Even if the user doesn't go through 2FA process.

Security Highlight