2FA authentication by EMail

PeterUK · January 13

2FA authentication by EMail on FLEX H models

allow 2FA authentication from other IP then the connecting VPN IP is from

allow 2FA authentication by WAN

Zyxel_Judy · January 15

Hi @PeterUK ,

Could you share your specific reasons for wanting to use email-based 2FA authentication on FLEX H models?

Have you considered using Google Authenticator as an alternative?

allow 2FA authentication by WAN

Could you provide more details about your requirements/ scenario?
Why do you need to enable 2FA authentication by WAN?

PeterUK · January 15

One might only like email-based 2FA authentication over Google Authenticator or your not able to have Google Authenticator

At this time for my setup that a hope Kay gets round to looking at 2FA just does not work with firewall on for some reason.

So what I don't know is does 2FA page meant to work over the VPN tunnel when connected then the full connect is allowed? as that would explain some things

PeterUK · January 18

So another use case for Email is the remote user is a long way away and you don't want to give them admin access to the FLEX they can't scan the QR code on there phone for Google Authenticator so ok their is "Can not scan the QR code?" so you send this info by Email for them to add it manually then they have to send you the code for Verify your device on FLEX by Email which will be a pain and needs to be done in time.

Zyxel_Judy · January 21

Hi @PeterUK ,

Since there is a voting system in the Zyxel community, we recommend submitting only one idea per post. This makes it easier for members to track and vote on specific suggestions.

Please keep this post focused on your first idea "2FA authentication by EMail on FLEX H models". Thank you for providing the scenario and explaining your requirements for this feature. We will evaluate your request thoroughly. Please follow our Firewall News & Releases channel to stay informed about future feature implementations.

News and Release - Zyxel Community

Regarding your other issues and suggestions, Kay has already provided a response in the original post:

allow 2FA authentication from other IP then the connecting VPN IP is from

https://community.zyxel.com/en/discussion/comment/73884/#Comment_73884

allow 2FA authentication by WAN

https://community.zyxel.com/en/discussion/comment/73609/#Comment_73609

nielsscheldeman · January 29

Another reason could be because with Ext-group-user connected to AD, you can only use 2FA mail.

1: this is also something that might be implemented with Google Authenticator, would be very nice, even if it's still on the non H models

2: Ext-group-user not supported on FLEX 200H models.

So it was already a crippled feature, now it is even more crippled with H series with lack of Ext-Group-User support.

Zyxel_Judy · February 6

Hi users,

Recognizing the potential usefulness of the feature as 2FA authentication by email for users, we are considering this as a potential feature.

Please follow the Firewall News & Release to know about the enhancements and new features.

nielsscheldeman · August 6

I'm setting up now in production a FLEX200H for my own company, because Ext-Group-User works now. I can wait for 2FA for the VPN users for now.

But on my old FLEX I had 2FA through mail enabled for admin web access. I do it for all my clients like that, so I don't have to set up dozens of Google authenticator profiles on my smartphone. It seems now that feature is missing?

On old flex you could set up next to admin an emailaddres and then press send code. After that enable Admin Access through mail.

If I want to do that now I get this:

We're not there yet with the FLEX H Series. Thank god all my current cliënts are 100% moved to FLEX Series, so I'm good for some years for existing cliënts. New cliënts will be a little problem with 2FA, but it's very good that Ext-Group-User is now available.

2FA authentication by EMail

Active · Last Updated January 13

Comments

Categories

Security Help Center