ZyWALL Series CLI Reference Guide
486
56.5 Two-Factor Authentication Commands
56.5.1 Two-Factor Authentication VPN Access
Use the following commands to configure which users and services require two-factor authentication for
VPN access.
Table 277 Two-Factor Authentication Commands: VPN Access
COMMAND DESCRIPTION
[no] two-factor-auth
activate
Enables two-factor authentication to access a secured network behind
the Zyxel Device via a VPN tunnel. The
no command disables double-
layer security.
[no] two-factor-auth valid-
time <1..15>
Sets the maximum time (1-15 minutes) that the VPN client user must click or
tap the authorization link in the SMS or email in order to get authorization
for the VPN connection. The
no command sets the maximum time to 3.
two-factor-auth server
interface interface_name
Sets the Zyxel Device WAN interface to be used for two-factor
authentication. This is part of the link that the VPN client user will receive in
the SMS or email. The VPN client user must be able to access the link.
interface_name: See Section 16.2 on page 121 for information about
interface names.
two-factor-auth server
user-defined
{ipv4|domain_name}
Sets the WAN IPv4 address or domain name to be used for two-factor
authentication. This is part of the link that the VPN client user will receive in
the SMS or email. The VPN client user must be able to access the link.
domain_name: This name can be up to 254 alphanumeric characters long.
Spaces are not allowed, but dashes “-” and underscores “_” are
accepted.
ipv4: IPv4 address <W.X.Y.Z>
two-factor-auth sms message
{message_quoted | message}
Sets the SMS message the VPN client user will receive by SMS for two-factor
authentication. Use <user>, <host>, <url>, and <time> (in angular brackets)
as variables to display dynamic information. The message must contain
the <url> variable.
message_quoted: Put the actual message in quotes.
message: Put the name of a file with the message. The message file
must be named '2FA-msg.txt' and be in UTF-8 format.
two-factor-auth message
{message_quoted | message}
Sets the SMS message the VPN client user will receive by email for two-
factor authentication. Use <user>, <host>, <url>, and <time> (in angular
brackets) as variables to display dynamic information. The message must
contain the <url> variable.
message_quoted: Put the actual message in quotes.
message: Put the name of a file with the message. The message file
must be named '2FA-msg.txt' and be in UTF-8 format.
two-factor-auth message-
type {default | file}
Sets which message to be used for two-factor authentication.
default: a message edited using the two-factor-auth message
command or via the web configurator.
file: a message file uploaded from your computer using the two-
factor-auth message
command or via the web configurator.
To Next Page
Loading...
