Home » ZyXEL Manuals » Network Security & Firewall Devices » ZyXEL ZyWALL ATP700 » Manual Viewer

ZyXEL ZyWALL ATP700 User Guide - Page 721

Two-Factor Authentication Admin Access

View all ZyXEL ZyWALL ATP700 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 721 highlights

Chapter 34 Object The following table describes the labels in this screen. Table 298 Configuration > Object > Auth. Method > Two-factor Authentication > VPN Access LABEL DESCRIPTION General Settings Enable Valid Time Select the check box to require double-layer security to access a secured network behind the Zyxel Device via a VPN tunnel. Enter the maximum time (in minutes) that the user must click or tap the authorization link in the SMS or email in order to get authorization for the VPN connection. Two-factor Authentication for Services: User/Group Select which kinds of VPN tunnels require Two-Factor Authentication. You should have configured the VPN tunnel first. • SSL VPN Access • IPSec VPN Access • L2TP/IPSec VPN Access This list displays the names of the users and user groups that can be selected for two-factor authentication. The order of members is not important. Select users and groups from the Selectable User/Group Objects list that require two-factor authentication for VPN access to a secured network behind the Zyxel Device and move them to the Selected User/Group Objects list. You can double-click a single entry to move it or use the [Shift] or [Ctrl] key to select multiple entries and use the arrow button to move them. Similarly, move user/groups that do not you do not require two-factor authentication back to the Selectable User/Group Objects list. Delivery Settings Use this section to configure how to send an SMS or email for authorization. Deliver Authorize Link Method: Select one or both methods: • SMS: Object > User/Group > User must contain a valid mobile telephone number. A valid mobile telephone number can be up to 20 characters in length, including the numbers 1~9 and the following characters in the square brackets [+*#()-]. • Email: Object > User/Group > User must contain a valid email address. A valid email address must contain the @ character. For example, this is a valid email address: [email protected] Authorize Link URL Address: Configure the link that the user will receive in the SMS or email. The user must be able to access the link. Message • http/https: you must enable HTTP or HTTPS in System > WWW > Service Control • From Interface/User-Defined: select the Zyxel Device WAN interface (wan1/2) or select User-Defined and then enter an IP address. You can either create a default message in the text box or upload a message file (Use Multilingual file) from your computer. The message file must be named '2FA-msg.txt' and be in UTF-8 format. To create the file, click Download the default 2FA-msg.txt example and edit the file for your needs. (If you make a mistake, use Restore Customized File to Default to restore your customized file to the default.) Use Select a File Path to locate the final file on your computer and then click Upload to transfer it to the Zyxel Device. The message in either the text box or the file must contain the variable within angle brackets, while the , , and variables are optional. Apply Click Apply to save the changes. Reset Click Reset to return the screen to its last-saved settings. 34.10.5 Two-Factor Authentication Admin Access Use this screen to select the service (Web, SSH, and TELNET) that requires two-factor authentication for the admin user. Go to Configuration > Object > Auth. Method > Two-factor Authentication > Admin Access and configure the following screen as shown. ZyWALL ATP Series User's Guide 721

Section	Page
ZyWALL ATP Series	1
Document Conventions	3
Contents Overview	4
Table of Contents	6
User’s Guide	24
Introduction	25
1.1 Overview	25
1.1.1 Model Feature Differences	25
1.2 Registration at myZyxel	26
1.2.1 Grace Period	27
1.2.2 Applications	27
1.3 Management Overview	30
1.4 Web Configurator	31
1.4.1 Web Configurator Access	31
1.4.2 Web Configurator Screens Overview	34
1.4.3 Navigation Panel	38
1.4.4 Tables and Lists	46
Initial Setup Wizard	50
2.1 Initial Setup Wizard Screens	50
2.1.1 Internet Access Setup - WAN Interface	50
2.1.2 Internet Access: Ethernet	51
2.1.3 Internet Access: PPPoE	52
2.1.4 Internet Access: PPTP	54
2.1.5 Internet Access: L2TP	56
2.1.6 Internet Access Setup - Second WAN Interface	58
2.1.7 Internet Access: Congratulations	59
2.1.8 Date and Time Settings	60
2.1.9 Register Device	60
2.1.10 Activate Service	62
2.1.11 Service Settings	63
2.1.12 Service Settings: SecuReporter	64
2.1.13 Wireless Settings: Management Mode	65
2.1.14 Wireless Settings: AP Controller	66
2.1.15 Wireless Settings: SSID & Security	66
2.1.16 Remote Management	67
Hardware, Interfaces and Zones	69
3.1 Hardware Overview	69
3.1.1 Front Panels	69
3.1.2 Rear Panels	71
3.2 Installation Scenarios	72
3.2.1 Desktop Installation Procedure	73
3.2.2 Rack-mounting	74
3.2.3 Wall-mounting	75
3.3 Default Zones, Interfaces, and Ports	77
3.4 Stopping the Zyxel Device	78
Quick Setup Wizards	79
4.1 Quick Setup Overview	79
4.2 WAN Interface Quick Setup	80
4.2.1 Choose an Ethernet Interface	80
4.2.2 Select WAN Type	81
4.2.3 Configure WAN IP Settings	81
4.2.4 ISP and WAN and ISP Connection Settings	82
4.2.5 Quick Setup Interface Wizard: Summary	85
4.3 VPN Setup Wizard	86
4.3.1 Welcome	86
4.3.2 VPN Setup Wizard: Wizard Type	87
4.3.3 VPN Express Wizard - Scenario	88
4.3.4 VPN Express Wizard - Configuration	89
4.3.5 VPN Express Wizard - Summary	89
4.3.6 VPN Express Wizard - Finish	90
4.3.7 VPN Advanced Wizard - Scenario	91
4.3.8 VPN Advanced Wizard - Phase 1 Settings	92
4.3.9 VPN Advanced Wizard - Phase 2	94
4.3.10 VPN Advanced Wizard - Summary	95
4.3.11 VPN Advanced Wizard - Finish	97
4.4 VPN Settings for Configuration Provisioning Wizard: Wizard Type	98
4.4.1 Configuration Provisioning Express Wizard - VPN Settings	98
4.4.2 Configuration Provisioning VPN Express Wizard - Configuration	99
4.4.3 VPN Settings for Configuration Provisioning Express Wizard - Summary	100
4.4.4 VPN Settings for Configuration Provisioning Express Wizard - Finish	101
4.4.5 VPN Settings for Configuration Provisioning Advanced Wizard - Scenario	102
4.4.6 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 1 Settings	103
4.4.7 VPN Settings for Configuration Provisioning Advanced Wizard - Phase 2	104
4.4.8 VPN Settings for Configuration Provisioning Advanced Wizard - Summary	105
4.4.9 VPN Settings for Configuration Provisioning Advanced Wizard - Finish	108
4.5 VPN Settings for L2TP VPN Settings Wizard	108
4.5.1 L2TP VPN Settings	109
4.5.2 L2TP VPN Settings	110
4.5.3 VPN Settings for L2TP VPN Setting Wizard - Summary	110
4.5.4 VPN Settings for L2TP VPN Setting Wizard - Completed	112
4.6 Wireless Setup Wizard	112
4.6.1 Management Mode	113
4.6.2 SSID	113
4.6.3 Radio	115
4.6.4 Summary	116
4.6.5 Wizard Completed	117
Dashboard	118
5.1 Overview	118
5.1.1 What You Can Do in this Chapter	118
5.2 The General Screen	118
5.2.1 Device Information Screen	120
5.2.2 System Status Screen	121
5.2.3 Tx/Rx Statistics	121
5.2.4 The Latest Logs Screen	122
5.2.5 System Resources Screen	122
5.2.6 DHCP Table Screen	123
5.2.7 Number of Login Users Screen	124
5.2.8 Current Login User	125
5.2.9 VPN Status	125
5.2.10 SSL VPN Status	126
5.3 The Advanced Threat Protection Screen	126
Technical Reference	128
Monitor	129
6.1 Overview	129
6.1.1 What You Can Do in this Chapter	129
6.2 The Port Statistics Screen	131
6.2.1 The Port Statistics Graph Screen	132
6.3 Interface Status Screen	133
6.4 The Traffic Statistics Screen	137
6.5 The Session Monitor Screen	139
6.6 The Login Users Screen	141
6.7 IGMP Statistics	143
6.8 The DDNS Status Screen	144
6.9 IP/MAC Binding	144
6.10 Cellular Status Screen	145
6.10.1 More Information	148
6.11 The UPnP Port Status Screen	149
6.12 USB Storage Screen	150
6.13 Ethernet Neighbor Screen	151
6.14 FQDN Object Screen	152
6.15 AP Information: AP List	154
6.15.1 AP List: More Information	157
6.15.2 AP List: Config AP	160
6.16 AP Information: Radio List	162
6.16.1 Radio List: More Information	164
6.17 AP Information: Built-in AP	165
6.18 AP Information: Top N APs	166
6.19 AP Information: Single AP	168
6.20 ZyMesh	169
6.21 SSID Info	170
6.22 Station Info: Station List	170
6.23 Station Info: Top N Stations	171
6.24 Station Info: Single Station	172
6.25 Detected Device	173
6.26 The IPSec Screen	174
6.27 The SSL Screen	176
6.28 The L2TP over IPSec Screen	176
6.29 The App Patrol Screen	177
6.30 The Content Filter Screen	178
6.31 The Anti-Malware Screen	180
6.32 The Reputation Filter Screen	182
6.33 The IDP Screen	184
6.34 Sandboxing	186
6.35 The Email Security Screens	187
6.35.1 Email Security Summary	187
6.35.2 The Email Security Status Screen	189
6.36 The SSL Inspection Screens	191
6.36.1 Certificate Cache List	192
6.37 Log Screens	193
6.37.1 View Log	193
6.37.2 View AP Log	195
Licensing	198
7.1 Registration Overview	198
7.1.1 What you Need to Know	198
7.1.2 Registration Screen	199
7.1.3 Service Screen	200
7.2 Signature Update	201
7.2.1 What you Need to Know	201
7.2.2 The Signature Screen	202
7.2.3 Auto Update	202
Wireless	204
8.1 Overview	204
8.1.1 What You Can Do in this Chapter	204
8.2 Built-in AP	204
8.2.1 Wireless > Built-in AP > General >Add/Edit SSID	206
8.2.2 Wireless > Built-in AP > Radio	209
8.3 Controller Screen	215
8.3.1 Connecting an AP to the Zyxel Device	215
8.3.2 Connecting an AP to the Zyxel Device Manually	216
8.3.3 Connecting an AP to the Zyxel Device Using DHCP Option 138	216
8.4 AP Management Screens	217
8.4.1 Mgnt. AP List	217
8.4.2 AP Policy	222
8.4.3 AP Group	223
8.4.4 Firmware	229
8.5 Rogue AP	230
8.5.1 Add/Edit Rogue/Friendly List	232
8.6 Auto Healing	233
8.7 RTLS Overview	234
8.7.1 What You Can Do in this Chapter	234
8.7.2 Before You Begin	234
8.7.3 Configuring RTLS	235
8.8 Technical Reference	236
8.8.1 Dynamic Channel Selection	236
8.8.2 Load Balancing	237
Interfaces	238
9.1 Interface Overview	238
9.1.1 What You Can Do in this Chapter	238
9.1.2 What You Need to Know	238
9.1.3 What You Need to Do First	243
9.2 Port Role	243
9.3 Port Configuration	244
9.4 Ethernet Summary Screen	245
9.4.1 Ethernet Edit	247
9.4.2 Proxy ARP	263
9.4.3 Virtual Interfaces	264
9.4.4 References	265
9.4.5 Add/Edit DHCPv6 Request/Release Options	266
9.4.6 Add/Edit DHCP Extended Options	267
9.5 PPP Interfaces	268
9.5.1 PPP Interface Summary	269
9.5.2 PPP Interface Add or Edit	270
9.6 Cellular Configuration Screen	275
9.6.1 Cellular Choose Slot	278
9.6.2 Add / Edit Cellular Configuration	278
9.7 Tunnel Interfaces	284
9.7.1 Configuring a Tunnel	286
9.7.2 Tunnel Add or Edit Screen	287
9.8 VLAN Interfaces	291
9.8.1 VLAN Summary Screen	292
9.8.2 VLAN Add/Edit	293
9.9 Bridge Interfaces	304
9.9.1 Bridge Summary	306
9.9.2 Bridge Add/Edit	307
9.10 VTI	318
9.10.1 Restrictions for IPSec Virtual Tunnel Interface	318
9.10.2 VTI Screen	319
9.10.3 VTI Add/Edit	319
9.11 Trunk Overview	323
9.11.1 What You Need to Know	323
9.12 The Trunk Summary Screen	326
9.12.1 Configuring a User-Defined Trunk	327
9.12.2 Configuring the System Default Trunk	329
9.13 Interface Technical Reference	330
Routing	335
10.1 Policy and Static Routes Overview	335
10.1.1 What You Can Do in this Chapter	335
10.1.2 What You Need to Know	336
10.2 Policy Route Screen	337
10.2.1 Policy Route Edit Screen	339
10.3 IP Static Route Screen	344
10.3.1 Static Route Add/Edit Screen	344
10.4 Policy Routing Technical Reference	346
10.5 Routing Protocols Overview	346
10.5.1 What You Need to Know	347
10.6 The RIP Screen	347
10.7 The OSPF Screen	349
10.7.1 Configuring the OSPF Screen	352
10.7.2 OSPF Area Add/Edit Screen	353
10.7.3 Virtual Link Add/Edit Screen	355
10.8 BGP (Border Gateway Protocol)	356
10.8.1 Allow BGP Packets to Enter the Zyxel Device	357
10.8.2 Configuring the BGP Screen	357
10.8.3 The BGP Neighbors Screen	359
10.8.4 Example Scenario	360
DDNS	362
11.1 DDNS Overview	362
11.1.1 What You Can Do in this Chapter	362
11.1.2 What You Need to Know	362
11.2 The DDNS Screen	363
11.2.1 The Dynamic DNS Add/Edit Screen	364
NAT	368
12.1 NAT Overview	368
12.1.1 What You Can Do in this Chapter	368
12.1.2 What You Need to Know	368
12.2 The NAT Screen	369
12.2.1 The NAT Add/Edit Screen	371
12.3 NAT Technical Reference	374
Redirect Service	376
13.1 Overview	376
13.1.1 HTTP Redirect	376
13.1.2 SMTP Redirect	376
13.1.3 What You Can Do in this Chapter	377
13.1.4 What You Need to Know	377
13.2 The Redirect Service Screen	379
13.2.1 The Redirect Service Edit Screen	380
ALG	382
14.1 ALG Overview	382
14.1.1 What You Need to Know	382
14.1.2 Before You Begin	385
14.2 The ALG Screen	385
14.3 ALG Technical Reference	387
UPnP	389
15.1 UPnP and NAT-PMP Overview	389
15.2 What You Need to Know	389
15.2.1 NAT Traversal	389
15.2.2 Cautions with UPnP and NAT-PMP	390
15.3 UPnP Screen	390
15.4 Technical Reference	391
15.4.1 Turning on UPnP in Windows 7 Example	391
15.4.2 Turn on UPnP in Windows 10 Example	395
15.4.3 Auto-discover Your UPnP-enabled Network Device	397
15.4.4 Web Configurator Easy Access in Windows 7	400
15.4.5 Web Configurator Easy Access in Windows 10	402
IP/MAC Binding	404
16.1 IP/MAC Binding Overview	404
16.1.1 What You Can Do in this Chapter	404
16.1.2 What You Need to Know	404
16.2 IP/MAC Binding Summary	405
16.2.1 IP/MAC Binding Edit	406
16.2.2 Static DHCP Edit	407
16.3 IP/MAC Binding Exempt List	408
Layer 2 Isolation	409
17.1 Overview	409
17.1.1 What You Can Do in this Chapter	409
17.2 Layer-2 Isolation General Screen	409
17.3 White List Screen	410
17.3.1 Add/Edit White List Rule	411
DNS Inbound LB	413
18.1 DNS Inbound Load Balancing Overview	413
18.1.1 What You Can Do in this Chapter	413
18.2 The DNS Inbound LB Screen	414
18.2.1 The DNS Inbound LB Add/Edit Screen	415
18.2.2 The DNS Inbound LB Add/Edit Member Screen	417
IPSec VPN	419
19.1 Virtual Private Networks (VPN) Overview	419
19.1.1 What You Can Do in this Chapter	421
19.1.2 What You Need to Know	421
19.1.3 Before You Begin	424
19.2 The VPN Connection Screen	424
19.2.1 The VPN Connection Add/Edit Screen	426
19.3 The VPN Gateway Screen	433
19.3.1 The VPN Gateway Add/Edit Screen	434
19.4 VPN Concentrator	441
19.4.1 VPN Concentrator Requirements and Suggestions	441
19.4.2 VPN Concentrator Screen	442
19.4.3 The VPN Concentrator Add/Edit Screen	442
19.5 Zyxel Device IPSec VPN Client Configuration Provisioning	443
19.6 IPSec VPN Background Information	445
SSL VPN	455
20.1 Overview	455
20.1.1 What You Can Do in this Chapter	455
20.1.2 What You Need to Know	455
20.2 The SSL Access Privilege Screen	456
20.2.1 The SSL Access Privilege Policy Add/Edit Screen	457
20.3 The SSL Global Setting Screen	459
L2TP VPN	461
21.1 Overview	461
21.1.1 What You Can Do in this Chapter	461
21.1.2 What You Need to Know	461
21.2 L2TP VPN Screen	462
21.2.1 Example: L2TP and Zyxel Device Behind a NAT Router	464
BWM (Bandwidth Management)	467
22.1 Overview	467
22.1.1 What You Can Do in this Chapter	467
22.1.2 What You Need to Know	467
22.2 The Bandwidth Management Configuration	471
22.2.1 The Bandwidth Management Add/Edit Screen	474
Web Authentication	483
23.1 Web Auth Overview	483
23.1.1 What You Can Do in this Chapter	483
23.1.2 What You Need to Know	484
23.2 Web Authentication General Screen	484
23.2.1 User-aware Access Control Example	489
23.2.2 Authentication Type Screen	495
23.2.3 Custom Web Portal / User Agreement File Screen	499
23.3 SSO Overview	500
23.4 SSO - Zyxel Device Configuration	502
23.4.1 Configuration Overview	502
23.4.2 Configure the Zyxel Device to Communicate with SSO	502
23.4.3 Enable Web Authentication	503
23.4.4 Create a Security Policy	505
23.4.5 Configure User Information	506
23.4.6 Configure an Authentication Method	507
23.4.7 Configure Active Directory	508
23.5 SSO Agent Configuration	509
Security Policy	512
24.1 Overview	512
24.2 One Security	513
24.3 What You Can Do in this Chapter	516
24.3.1 What You Need to Know	516
24.4 The Security Policy Screen	518
24.4.1 Configuring the Security Policy Control Screen	519
24.4.2 The Security Policy Control Add/Edit Screen	523
24.5 Anomaly Detection and Prevention Overview	524
24.5.1 The Anomaly Detection and Prevention General Screen	525
24.5.2 Creating New ADP Profiles	526
24.5.3 Traffic Anomaly Profiles	527
24.5.4 Protocol Anomaly Profiles	530
24.6 The Session Control Screen	533
24.6.1 The Session Control Add/Edit Screen	534
24.7 Security Policy Example Applications	535
Application Patrol	538
25.1 Overview	538
25.1.1 What You Can Do in this Chapter	538
25.1.2 What You Need to Know	538
25.2 Application Patrol Profile	539
25.2.1 Profile Action: Apply to a Security Policy	540
25.2.2 Application Patrol Profile > Add/Edit - My Application	543
25.2.3 Application Patrol Profile > Add/Edit - Query Result	544
Content Filter	547
26.1 Overview	547
26.1.1 What You Can Do in this Chapter	547
26.1.2 What You Need to Know	547
26.1.3 Before You Begin	549
26.2 Content Filter Profile Screen	549
26.2.1 Apply to a Security Policy	550
26.2.2 Content Filter Add Profile Category Service	553
26.2.3 Content Filter Add Filter Profile Custom Service	566
26.3 Content Filter Trusted Web Sites Screen	568
26.4 Content Filter Forbidden Web Sites Screen	569
26.5 Content Filter Technical Reference	570
Anti-Malware	572
27.1 Overview	572
27.1.1 What You Can Do in this Chapter	576
27.2 Anti-Malware Screen	577
27.3 The White List Screen	581
27.4 The Black List Screen	582
27.5 Anti-Malware Signature Searching	583
27.6 Anti-Malware Technical Reference	584
Reputation Filter	586
28.1 Overview	586
28.1.1 What You Need to Know	586
28.1.2 What You Can Do in this Chapter	586
28.2 IP Reputation Screen	586
28.2.1 IP Reputation White List Screen	590
28.2.2 IP Reputation Black List Screen	590
28.3 URL Threat Filter Screen	591
28.3.1 URL Threat Filter White List Screen	593
28.3.2 URL Threat Filter Black List Screen	594
IDP	596
29.1 Overview	596
29.1.1 What You Can Do in this Chapter	596
29.1.2 What You Need To Know	596
29.1.3 Before You Begin	596
29.2 The IDP Screen	597
29.2.1 Query Example	601
29.3 IDP Custom Signatures	602
29.3.1 Add / Edit Custom Signatures	603
29.3.2 Custom Signature Example	607
29.3.3 Applying Custom Signatures	609
29.3.4 Verifying Custom Signatures	610
29.4 The White List Screen	610
29.5 IDP Technical Reference	611
Sandboxing	614
30.1 Overview	614
30.1.1 What You Need to Know	615
30.2 Sandboxing Screen	615
Email Security	618
31.1 Overview	618
31.1.1 What You Can Do in this Chapter	618
31.1.2 What You Need to Know	618
31.2 Before You Begin	619
31.3 The Email Security Screen	620
31.4 The Black List / White List Screen	622
31.4.1 The Black or White List Add/Edit Screen	623
31.4.2 Regular Expressions in Black or White List Entries	625
31.5 Email Security Technical Reference	625
SSL Inspection	629
32.1 Overview	629
32.1.1 What You Can Do in this Chapter	629
32.1.2 What You Need To Know	629
32.1.3 Before You Begin	630
32.2 The SSL Inspection Profile Screen	630
32.2.1 Apply to a Security Policy	631
32.2.2 Add / Edit SSL Inspection Profiles	634
32.3 Exclude List Screen	635
32.4 Certificate Update Screen	637
32.5 Install a CA Certificate in a Browser	638
IP Exception	641
33.1 Overview	641
33.2 The IP Exception Screen	641
33.2.1 The IP Exception Add/Edit Screen	642
Object	644
34.1 Zones Overview	644
34.1.1 What You Need to Know	644
34.1.2 The Zone Screen	645
34.2 User/Group Overview	647
34.2.1 What You Need To Know	647
34.2.2 User/Group User Summary Screen	649
34.2.3 User/Group Group Summary Screen	654
34.2.4 User/Group Setting Screen	655
34.2.5 User/Group MAC Address Summary Screen	660
34.2.6 User /Group Technical Reference	662
34.3 AP Profile Overview	662
34.3.1 Radio Screen	663
34.3.2 SSID Screen	669
34.4 MON Profile	678
34.4.1 Overview	678
34.4.2 Configuring MON Profile	679
34.4.3 Add/Edit MON Profile	680
34.4.4 Technical Reference	681
34.5 ZyMesh Overview	682
34.5.1 ZyMesh Profile	684
34.5.2 Add/Edit ZyMesh Profile	685
34.6 Address/Geo IP Overview	685
34.6.1 What You Need To Know	686
34.6.2 Address Summary Screen	686
34.6.3 Address Group Summary Screen	690
34.6.4 Geo IP Summary Screen	692
34.7 Service Overview	695
34.7.1 What You Need to Know	695
34.7.2 The Service Summary Screen	696
34.7.3 The Service Group Summary Screen	698
34.8 Schedule Overview	700
34.8.1 What You Need to Know	700
34.8.2 The Schedule Screen	701
34.8.3 The Schedule Group Screen	704
34.9 AAA Server Overview	705
34.9.1 Directory Service (AD/LDAP)	706
34.9.2 RADIUS Server	706
34.9.3 ASAS	706
34.9.4 What You Need To Know	707
34.9.5 Active Directory or LDAP Server Summary	708
34.9.6 RADIUS Server Summary	712
34.10 Auth. Method Overview	715
34.10.1 Before You Begin	715
34.10.2 Example: Selecting a VPN Authentication Method	715
34.10.3 Authentication Method Objects	716
34.10.4 Two-Factor Authentication VPN Access	718

Match case Limit results 1 per page

Chapter 34 Object

ZyWALL ATP Series User’s Guide

721

The following table describes the labels in this screen.

34.10.5

Two-Factor Authentication Admin Access

Use this screen to select the service (

Web

SSH

, and

TELNET

) that requires two-factor authentication for

the admin user.

Go to

Configuration > Object > Auth. Method > Two-factor Authentication > Admin Access

and

configure the following screen as shown.

Table 298

Configuration > Object > Auth. Method > Two-factor Authentication > VPN Access

LABEL

DESCRIPTION

General Settings

Enable

Select the check box to require double-layer security to access a secured network behind the

Zyxel Device via a VPN tunnel.

Valid Time

Enter the maximum time (in minutes) that the user must click or tap the authorization link in the

SMS or email in order to get authorization for the VPN connection.

Two-factor

Authentication

for Services:

Select which kinds of VPN tunnels require Two-Factor Authentication. You should have

configured the VPN tunnel first.

•

SSL VPN Access

•

IPSec VPN Access

•

L2TP/IPSec VPN Access

User/Group

This list displays the names of the users and user groups that can be selected for two-factor

authentication. The order of members is not important. Select users and groups from the

Selectable User/Group Objects

list that require two-factor authentication for VPN access to a

secured network behind the Zyxel Device and move them to the

Selected User/Group Objects

list. You can double-click a single entry to move it or use the [Shift] or [Ctrl] key to select multiple

entries and use the arrow button to move them.

Similarly, move user/groups that do not you do not require two-factor authentication back to

the

Selectable User/Group Objects

list.

Delivery Settings

Use this section to configure how to send an SMS or email for authorization.

Deliver Authorize

Link Method:

Select one or both methods:

•

SMS:

Object > User/Group > User

must contain a valid mobile telephone number. A valid

mobile telephone number can be up to 20 characters in length, including the numbers 1~9

and the following characters in the square brackets [+*#()-].

•

Email:

Object > User/Group > User

must contain a valid email address. A valid email address

must contain the @ character. For example, this is a valid email address:

[email protected]

Authorize Link

URL Address:

Configure the link that the user will receive in the SMS or email. The user must be able to access

the link.

•

http

https

: you must enable

HTTP

HTTPS

System > WWW > Service Control

•

From Interface

User-Defined:

select the Zyxel Device WAN interface (

wan1

) or select

User-Defined

and then enter an IP address.

Message

You can either create a default message in the text box or upload a message file (

Use

Multilingual file

) from your computer. The message file must be named '2FA-msg.txt' and be in

UTF-8 format. To create the file, click

Download the default 2FA-msg.txt example

and edit the

file for your needs. (If you make a mistake, use

Restore Customized File to Default

to restore your

customized file to the default.) Use

Select a File Path

to locate the final file on your computer

and then click

Upload

to transfer it to the Zyxel Device.

The message in either the text box or the file must contain the <url> variable within angle

brackets, while the <user>, <host>, and <time> variables are optional.

Apply

Click

Apply

to save the changes.

Reset

Click

Reset

to return the screen to its last-saved settings.