Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

2FA solution that works with sma 500v but without smart device

DonMckDonMck Newbie ✭

Hi, I'm new to the community. With recent alerts from SonicWall, I've enabled 2FA for VPN access on our SMA 500v. However, some of my users are in areas where smart devices are not allowed. Does anyone know of a 2FA solution that works with SonicWall VPN and does not require a smart device? Thanks in advance.

Category: VPN Client
Reply

Best Answer

  • CORRECT ANSWER
    BWCBWC Cybersecurity Overlord ✭✭✭
    Accepted Answer

    Hi @DonMck

    I heavily implement Radius based MFA solutions which work with standard TOTP key fob devices which should fit your need. Depending on your budget you could use RSA, Deepnet etc. On the OpenSource side LinOTP seems to be a good contester. Microsoft NPS can b

    Unfortunately SonicWall broke the Radius Challenge-Response since the release of Version 10.x when authenticating through /spog (the new Contemporary Mode) which is a bummer, considering they promote MFA so hard in the recent days.

    --Michael@BWC

Answers

  • DonMckDonMck Newbie ✭

    Thank you for the response. It appears that SonicWall does not have native support for this without going with Radius or a 3rd party MFA solution. Our operation is too small to warrant a Radius implementation. This thread may be considered closed at this time.

  • CFTCFT Newbie ✭

    We are having limited success using Smart Cards with Certificate Authority.

    We are using Taglio C910 smart cards with an SMA 200. 

    So far, we can get the VPN to work with the SonicWall Mobile Connect app, but not NetExtender. 

    Mobile Connect prompts for the certificate and PIN, and connects okay. The issue we are having with Mobile Connect the connection is it is unstable and frequently drops the connection.

    There is something wrong with the NeExtender software. During login NetExtender hangs up on verifying user it does not prompt for the certificate or the PIN number.  

    NeExtender works okay with Active Directory authentication users can stay on for 8 hours plus with no problems, regulation require us to go to 2FA in the near future.

Sign In or Register to comment.