ZyWALL Series CLI Reference Guide
488
56.5.2 VPN Access Two-Factor Command Example
The following example shows current two-factor command settings.
56.5.3 Admin Access
Use the following commands to configure whether Web, SSH, and TELNET require two-factor
authentication for the admin user.
Router# show two-factor-auth
Activate : yes
Valid Time : 3
Auth Server Type : interface
Auth Server : wan1
Send Http Link : no
Allow Access URL thru Tunnel : enable
Deliver-Method-SMS : enable
Deliver-Method-Email : enable
Message-Type : default
Message : <user>. You have initiated a VPN connection to a secured network
behind the <host>. Please click or tap the following link within <time>
minutes to get authorization for the VPN connection.
Service : ipsec,sslvpn,l2tp
Allowed User : any,
Router#
Table 278 two-factor Authentication Commands
COMMAND DESCRIPTION
[no] two-factor-auth admin-
access activate
Enables two-factor authentication to access a secured network behind
the Zyxel Device via the Web Configurator, SSH, or Telnet as the admin
user. The
no command disables double-layer security.
two-factor-auth admin-
access auth-method {google-
auth|pin-code}
Sets the default two-factor authentication method for new admin
accounts to either Google Authenticator or SMS/email).
[no] two-factor-auth admin-
access valid-time <1..5>
Sets the maximum time (1-5 minutes) that the admin user must enter the
code from the SMS or email in order to get authorization for logins via the
Web Configurator, SSH, or Telnet.
The
no command sets the maximum time to 3.
[no] two-factor-auth admin-
access deliver-method
{sms|email}
Sets the method to be used for two-factor authentication pin code
delivery to the admin user. The
no command removes the method.
• SMS: must contain a valid mobile telephone number. A valid mobile
telephone number can be up to 20 characters in length, including the
numbers 1~9 and the following characters in the square brackets
[+*#()-].
• email: must contain a valid email address. A valid email address must
contain the @ character. For example, this is a valid email address:
abc@example.com.
[no] two-factor-auth admin-
access user username
Uses this command and the admin user requires two-factor authentication
for admin access.
The
no command means the admin user does not require two-factor
authentication.
To Next Page
Loading...
