Chapter 56 Authentication Objects
ZyWALL Series CLI Reference Guide
[no] two-factor-auth deliver-method {sms | email | google-auth}
Sets the method to be used for two-factor authentication delivery to the VPN client user. The no command removes the method.
• SMS: must contain a valid mobile telephone number. A valid mobile telephone number can be up to 20 characters in length, including the numbers 1~9 and the following characters in the square brackets [+*#()-].
• email: must contain a valid email address. A valid email address must contain the @ character. For example, this is a valid email address: abc@example.com.
• google-auth: you must first set up your Zyxel Device on the Google Authenticator app; see Section 56.5.3 on page 488 for more information. Then enter a time-limited code from the Google Authenticator app.
[no] two-factor-auth service {sslvpn|ipsec|l2tp}
Sets which kinds of VPN tunnels require Two-Factor Authentication. You should have configured the VPN tunnel first. The no command removes the VPN tunnel type.
• SSL VPN Access
• IPSec VPN Access
• L2TP/IPSec VPN Access
[no] two-factor-auth user username
Sets the users or user groups that require two-factor authentication. The user or user group accounts should be already created. The no command removes the users or user groups that require two-factor authentication.
two-factor-auth allow-access-url-thru-tunnel [activate | deactivate]
Allows access to the link that the user will receive in the SMS or email. The user must be able to access the link and the Zyxel Device must have http/https enabled with a WAN interface/IP address/domain-name defined. The no command removes access to the link.
[no] two-factor-auth http activate
Enables the VPN client user to access the two-factor authorization page using the http protocol. Use the no command to require the VPN client user to access the two-factor authorization page using the https protocol.
two-factor-auth http port <1...65535>
Sets a new port between 1 and 65535 that is not in use by other services. Use this port for two-factor authentication of VPN clients to access the network behind the Zyxel Device. VPN clients do not need to change the port number on their devices, because the link to access the network behind the Zyxel Device will contain the new port number.
For example, if you change this to port 8008 and the link is using a.b.c.d, the VPN clients will see this link in their email or SMS to access the network behind the Zyxel Device: https://a.b.c.d:8008.
show two-factor-auth
Displays current two-factor command settings for the VPN connection.
Table 277 Two-Factor Authentication Commands: VPN Access (continued)
COMMAND DESCRIPTION
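The settings in this table can be reviewed mechanically. The following Python code is an added example, not part of the Zyxel guide: it replays a list of two-factor-auth commands in order and reports the authorization page being served over http, VPN types left out of the service list, and a service list with no delivery method or user. It assumes the input is the commands as typed at the CLI, one per line, and that each deliver-method, service and user command adds one entry to a set; the function name, finding texts and sample input are constructed for illustration.

```python
import re

# Assumption: input is the two-factor-auth commands as typed at the CLI, one
# per line; a saved configuration file may be laid out differently.
ALLOWED = {"deliver-method": {"sms", "email", "google-auth"},
           "service": {"sslvpn", "ipsec", "l2tp"}}

def audit_two_factor(config_text):
    """Replay the commands in order; return (state, findings)."""
    state = {"deliver-method": set(), "service": set(), "user": set(),
             "http": False, "port": None}
    findings = []
    for raw in config_text.splitlines():
        m = re.match(r"\s*(no\s+)?two-factor-auth\s+(\S.*)$", raw)
        if not m:
            continue  # not a two-factor-auth command
        negate, (key, *rest) = bool(m.group(1)), m.group(2).split()
        if key in ("deliver-method", "service", "user") and len(rest) == 1:
            if key in ALLOWED and rest[0] not in ALLOWED[key]:
                findings.append(f"unknown {key} value: {rest[0]}")
            elif negate:
                state[key].discard(rest[0])  # 'no' form removes the entry
            else:
                state[key].add(rest[0])
        elif key == "http" and rest == ["activate"]:
            state["http"] = not negate  # 'no' form requires https
        elif key == "http" and len(rest) == 2 and rest[0] == "port":
            if rest[1].isdecimal() and 1 <= int(rest[1]) <= 65535:
                state["port"] = int(rest[1])
            else:
                findings.append(f"port outside 1-65535: {rest[1]}")
    if state["http"]:
        findings.append("authorization page served over http")
    for svc in sorted(ALLOWED["service"] - state["service"]):
        findings.append(f"VPN type not covered by two-factor-auth: {svc}")
    for need in ("deliver-method", "user"):
        if state["service"] and not state[need]:
            findings.append(f"service set but no {need}")
    return state, findings

# Constructed sample input (not taken from a real device).
SAMPLE = """\
two-factor-auth deliver-method email
two-factor-auth deliver-method sms
no two-factor-auth deliver-method sms
two-factor-auth service sslvpn
two-factor-auth service l2tp
two-factor-auth http activate
two-factor-auth http port 8008
"""
```

Calling `audit_two_factor(SAMPLE)` returns the replayed state and a list of findings; appending `no two-factor-auth http activate`, `two-factor-auth service ipsec` and a `two-factor-auth user` line to the sample clears all of them.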