Management General Management Topics Logging and Reporting Multi-Domain Management Policy Management
- Local User Groups
AI & Machine Learning
1. Identity Awareness VPN: when client dail to gw, which will authenticate with AD? GW or SMC? Or GW cached authentication message in local?
2. How to config two-factor authentication in VPN? If I want to config another factor is OTP in Mobile access VPN, CP only support RSA?
3. Can we config two-factor authentication only in Radius server?
In general, if you want to configure multi-factor authentication, RADIUS is the mechanism to do it.
Legacy SecurID is also supported, but even SecurID uses RADIUS these days.
The authentication occurs between the gateway and the RADIUS (or SecurID) server.
If you want to require multiple authentication schemes (e.g. Certificates plus Password, be it with RADIUS or whatever), then refer to: Multiple Authentication Schemes for Mobile Access / Remote Access
We want to use two-fator authentication in our production enviroment, mobile access vpn and Endpoint Security VPN. Which combinations need client license? THX!
Mobile Access VPN uses Mobile Access licenses, which are based on concurrent users connected to gateway.
Endpoint Security VPN requires Endpoint Licenses, which are based on number of hosts installed.
The authentication you use isn't relevant to the above.
OK, THX! Another about IA+VPN question, CP cooperate with Radius server(cooperate with LDAP+OTP), we want to input
username: LDAP username
PSW： LDAPpsw+OTP in VPN authentication login.
Can it come true in CP?
The SK I linked in my original response explains how the VPN client supports multiple authentication schemes (specifically how to require more than one).