Comments
-
This is still going through the PM for verification and reduplication, will update when there is an update.
-
Forced update to a USG FLEX 100 (USG 40 v2)...
-
Multiple truck rolls for this one... Thanks.
-
USG 40: 4.70 to 4.71 (also happened with a 4.63 to 4.70 update previously) USG 20 VPN: 5.20 to 5.21 (disabled auto Geo IP Updates, locked us out of remote and firewall functions. Definitions from 2015?!?!)
-
Mostly fixed with latest 5.20 version. Allows for access to the 2FA server for authentication. Would be a bit easier if it acted as a captive portal and automatically bring to authentication page versus manual entry.
-
Did a similar thing myself, the 2FA is enabled for login by the account from every access. Additionally, updating the firmware from 4.62 to 4.65 caused all the 2FA credentials to fail and also locked us out. This was a ZyXel issue. Authenticator nor backup codes worked. Had to reset and upload config.
-
@erosevt Thanks for the information, will give it a try on the next go round. On another note, your 172 network mask is a bit large and include some public spaces. Should be 12 bit mask, eg. 172.16.0.0/12 (255.240.0.0) (172.16.0.0-172.31.255.255)
-
Something needs to be addressed. We use 2FA for VPN at our locations and if we disable the HTTPS service for the latest incident mitigation, we cannot access the VPN!
-
Just a note on VPN 2FA and disabling WAN HTTPS... You now cannot access remotely if you do such a thing.
-
Lets assume for a minute its cellular and note the lack of real cellular support from USG or ZyXel in general. ;)
-
Yubikey or hardware based (U2F) would be a great addition
-
While this works with USG, it will not work with CradlePoint and others.They use the multiple remote networks on the policy of the VPN. We have tried this method prior.