ZyWALL Series CLI Reference Guide
484
3 The Zyxel Device requests the user’s user-name, password and mobile phone number or email address
from the Active Directory, RADIUS server or local Zyxel Device database in order to authenticate this
user's use of the VPN tunnel (factor 1). If they are not found, then the Zyxel Device terminates the VPN
connection.
4 If all correct credentials are found, then the Zyxel Device requests the Email-to-SMS Provider to send an
authorization SMS, or the Zyxel Device sends an email to the client requesting VPN access (factor 2).
5 The client must open the authorization link sent via SMS or email within a user-specified time period
(Valid Time).
6 If the authorization is correct and received on time, the client can access the secured network through
the VPN tunnel.
Admin Access (Web Configurator, SSH, Telnet)
1 An admin user connects to the Zyxel Device through the Web Configurator, SSH, or Telnet.
2 The Zyxel Device requests the admin user’s user-name, password and mobile phone number or email
address from the Active Directory, RADIUS server or local Zyxel Device database in order to
authenticate this admin user.
3 If all correct credentials are found, then the Zyxel Device requests the Email-to-SMS Provider to send an
authorization SMS, or the Zyxel Device sends an email to the client requesting VPN access (factor 2).
4 The client must enter the code sent via SMS or email within a user-specified time period (Valid Time).
5 If the authorization is correct and received on time, the admin user can log into Zyxel Device.
56.4.3 SMS/Email Configuration
Before enabling SMS/email Two-Factor Authentication, you must:
• Set up the user’s user-name, password and email address or mobile number in the Active Directory,
RADIUS server or local Zyxel Device database
• Configure the VPN tunnel for this user on the Zyxel Device
• Have an account with an Email-to-SMS Provider to be able to send SMS authorization requests
• Enable HTTP and/or HTTPS
• Enable SSH and/or Telnet
• Configure SMS and a mail server.
Two-Factor authentication may fail if one of the above is not configured or one of the below occurred.
• The user did not receive the authorization SMS or email. Check if the mobile telephone number or
email address of the user in the Active Directory, RADIUS Server or local Zyxel Device database is
configured correctly.
• Email-to-SMS Provider Authentication failed and no SMS was sent. Check that SMS is enabled on the
Zyxel Device and credentials are correct.
• Mail server authentication failed. Check if the mail server settings are correct on the Zyxel Device.
• The authorization timed out. Extend the Valid Time.
To Next Page
Loading...
