ZyXEL Communications ZyWall ATP series User Manual page 651

3. The Zyxel Device requests the user's user-name, password and mobile phone number or email address
from the Active Directory, RADIUS server or local Zyxel Device database in order to authenticate this
user's use of the VPN tunnel (factor 1). If they are not found, then the Zyxel Device terminates the VPN
tunnel.
4. If all correct credentials are found, then the Zyxel Device will request the Cloud SMS system to send an
authorization SMS or email to the client requesting VPN access (factor 2).
5. The client should access the authorization link sent via SMS or email by the Cloud SMS system within a
specified deadline (Valid Time).
6. If the authorization is correct and received on time, then the client can have VPN access to the secured
network. If the authorization deadline has expired, then the client will have to run the VPN client again. If
authorization credentials are incorrect or if the SMS/email was not received, then the client must check
with the network administrator.
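The flow in steps 3 to 6, modelled as an added example (not Zyxel code and not from the manual). The class, the session ids, the single-use token and the result strings are assumptions made for illustration; the manual does not describe how the authorization link is built, and the user records are constructed sample data.

```python
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample directory standing in for AD / RADIUS / the local database.
USERS = {
    "alice": {"password": "correct-horse", "contact": "alice@example.com"},
    "bob": {"password": "hunter2", "contact": None},  # no phone/email on record
}

def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

@dataclass
class Pending:
    user: str
    token: str       # hypothetical secret carried in the authorization link
    deadline: float  # issue time + Valid Time
    used: bool = False

class TwoFactorGate:
    def __init__(self, valid_time_s):
        self.valid_time_s = valid_time_s
        self.pending = {}  # session id -> Pending
        self.outbox = []   # (contact, token) pairs "sent" by SMS or email

    def start(self, session, user, password, now):
        """Steps 3-4: check factor 1, then issue the factor-2 authorization."""
        rec = USERS.get(user)
        if rec is None or not _same(rec["password"], password) or not rec["contact"]:
            return "tunnel_terminated"
        token = secrets.token_urlsafe(16)
        self.pending[session] = Pending(user, token, now + self.valid_time_s)
        self.outbox.append((rec["contact"], token))
        return "authorization_sent"

    def authorize(self, session, token, now):
        """Steps 5-6: accept the link once, and only before the deadline."""
        p = self.pending.get(session)
        if p is None or p.used:
            return "denied"
        if now > p.deadline:
            del self.pending[session]  # client has to run the VPN client again
            return "expired_restart_vpn_client"
        if not _same(p.token, token):
            return "denied"
        p.used = True
        return "vpn_access_granted"
```

Time is passed in as `now` so the Valid Time boundary can be exercised deterministically; a late or replayed link never yields access.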
Pre-configuration
Before configuration, you must:
• Set up the user's user-name, password and email address or mobile number in the Active Directory,
RADIUS server or local Zyxel Device database
• Configure the VPN tunnel for this user on the Zyxel Device
• Have an account with ViaNett to be able to send SMS/email authorization requests
• Enable HTTP and/or HTTPS in System > WWW > Service Control
• Configure SMS in System > Notification > SMS.
• Add HTTP and/or HTTPS in the Object > Service > Service Group > Default_Allow_WAN_To_ZyWALL
service group.
Two-Factor authentication may fail if one of the above is not configured or:
• The user did not receive the authorization SMS or email. Check if the mobile telephone number or
email address of the user in the Active Directory, RADIUS Server or local Zyxel Device database is
configured correctly
• ViaNett Authentication failed and no SMS was sent. Check that SMS is enabled and credentials are
correct in System > Notification > SMS.
• Mail server authentication failed. Check if the System > Notification > Mail Server settings are correct.
• The authorization timed out. Extend the Valid Time in Configuration > Object > Auth. Method >
Two-factor Authentication.
Configuration
Go to Configuration > Object > Auth. Method > Two-factor Authentication and configure the following
screen as shown.
Chapter 34 Object
ZyWALL ATP Series User's Guide
651

This manual is also suitable for:

Atp500, Atp200, Atp800