ZyXEL ZyWALL ATP700 User Guide - Page 721
Two-Factor Authentication Admin Access
View all ZyXEL ZyWALL ATP700 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 721 highlights
Chapter 34 Object The following table describes the labels in this screen. Table 298 Configuration > Object > Auth. Method > Two-factor Authentication > VPN Access LABEL DESCRIPTION General Settings Enable Valid Time Select the check box to require double-layer security to access a secured network behind the Zyxel Device via a VPN tunnel. Enter the maximum time (in minutes) that the user must click or tap the authorization link in the SMS or email in order to get authorization for the VPN connection. Two-factor Authentication for Services: User/Group Select which kinds of VPN tunnels require Two-Factor Authentication. You should have configured the VPN tunnel first. • SSL VPN Access • IPSec VPN Access • L2TP/IPSec VPN Access This list displays the names of the users and user groups that can be selected for two-factor authentication. The order of members is not important. Select users and groups from the Selectable User/Group Objects list that require two-factor authentication for VPN access to a secured network behind the Zyxel Device and move them to the Selected User/Group Objects list. You can double-click a single entry to move it or use the [Shift] or [Ctrl] key to select multiple entries and use the arrow button to move them. Similarly, move user/groups that do not you do not require two-factor authentication back to the Selectable User/Group Objects list. Delivery Settings Use this section to configure how to send an SMS or email for authorization. Deliver Authorize Link Method: Select one or both methods: • SMS: Object > User/Group > User must contain a valid mobile telephone number. A valid mobile telephone number can be up to 20 characters in length, including the numbers 1~9 and the following characters in the square brackets [+*#()-]. • Email: Object > User/Group > User must contain a valid email address. A valid email address must contain the @ character. For example, this is a valid email address: [email protected] Authorize Link URL Address: Configure the link that the user will receive in the SMS or email. The user must be able to access the link. Message • http/https: you must enable HTTP or HTTPS in System > WWW > Service Control • From Interface/User-Defined: select the Zyxel Device WAN interface (wan1/2) or select User-Defined and then enter an IP address. You can either create a default message in the text box or upload a message file (Use Multilingual file) from your computer. The message file must be named '2FA-msg.txt' and be in UTF-8 format. To create the file, click Download the default 2FA-msg.txt example and edit the file for your needs. (If you make a mistake, use Restore Customized File to Default to restore your customized file to the default.) Use Select a File Path to locate the final file on your computer and then click Upload to transfer it to the Zyxel Device. The message in either the text box or the file must contain the variable within angle brackets, while the , , and variables are optional. Apply Click Apply to save the changes. Reset Click Reset to return the screen to its last-saved settings. 34.10.5 Two-Factor Authentication Admin Access Use this screen to select the service (Web, SSH, and TELNET) that requires two-factor authentication for the admin user. Go to Configuration > Object > Auth. Method > Two-factor Authentication > Admin Access and configure the following screen as shown. ZyWALL ATP Series User's Guide 721