Chapter 43 Object
ZyWALL USG Series User’s Guide
875
The following table describes the labels in this screen.
43.11.5 Two-Factor Authentication Admin Access
Use this screen to select the service (
Web
,
SSH
, and
TELNET
) that requires two-factor authentication for
the admin user.
Table 345 Configuration > Object > Auth. Method > Two-factor Authentication > VPN Access
LABEL
DESCRIPTION
General Settings
Enable
Select the check box to require double-layer security to access a secured network behind the
Zyxel Device via a VPN tunnel.
Valid Time
Enter the maximum time (in minutes) that the user must click or tap the authorization link in the
SMS or email in order to get authorization for the VPN connection.
Two-factor
Authentication
for Services:
Select which kinds of VPN tunnels require Two-Factor Authentication. You should have
configured the VPN tunnel first.
• SSL VPN Access
• IPSec VPN Access
• L2TP/IPSec VPN Access
User/Group
This list displays the names of the users and user groups that can be selected for two-factor
authentication. The order of members is not important. Select users and groups from the
Selectable User/Group Objects
list that require two-factor authentication for VPN access to a
secured network behind the Zyxel Device and move them to the
Selected User/Group Objects
list. You can double-click a single entry to move it or use the [Shift] or [Ctrl] key to select multiple
entries and use the arrow button to move them.
Similarly, move user/groups that do not you do not require two-factor authentication back to
the
Selectable User/Group Objects
list.
Delivery Settings
Use this section to configure how to send an SMS or email for authorization.
Deliver Authorize
Link Method:
Select one or both methods:
• SMS:
Object > User/Group > User
must contain a valid mobile telephone number. A valid
mobile telephone number can be up to 20 characters in length, including the numbers 1~9
and the following characters in the square brackets [+*#()-].
• Email:
Object > User/Group > User
must contain a valid email address. A valid email address
must contain the @ character. For example, this is a valid email address:
abc@example.com
Authorize Link
URL Address:
Allows access to the link that the user will receive in the SMS or email. The user must be able to
access the link.
•
http
/
https
: you must enable
HTTP
or
HTTPS
in
System > WWW > Service Control
•
From Interface
/
User-Defined:
select the Zyxel Device WAN interface (
wan1
/
2
) or select
User-Defined
and then enter an IP address.
Message
You can either create a default message in the text box or upload a message file (
Use
Multilingual file
) from your computer. The message file must be named '2FA-msg.txt' and be in
UTF-8 format.
To create the file, click
Download the default 2FA-msg.txt example
and edit the file for your
needs. (If you make a mistake, use
Restore Customized File to Default
to restore your
customized file to the default.) Use
Select a File Path
to locate the final file on your computer
and then click
Upload
to transfer it to the Zyxel Device.
The message in either the text box or the file must contain the <url> variable within angle
brackets, while the <user>, <host>, and <time> variables are optional.
Apply
Click
Apply
to save the changes.
Reset
Click
Reset
to return the screen to its last-saved settings.
Summary of Contents for USG110
Page 27: ...27 PART I User s Guide ...
Page 195: ...195 PART II Technical Reference ...
Page 309: ...Chapter 10 Interfaces ZyWALL USG Series User s Guide 309 ...
Page 313: ...Chapter 10 Interfaces ZyWALL USG Series User s Guide 313 ...
Page 358: ...Chapter 10 Interfaces ZyWALL USG Series User s Guide 358 ...
Page 373: ...Chapter 10 Interfaces ZyWALL USG Series User s Guide 373 ...