Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

totp token preserved in HA ?

AlbertoAlberto Enthusiast ✭✭

Is the totp token (for example for 2FA in sslvpn) preserved on failover of machines to unity ?

or is the totp token associated with the macaddress of physical unit ?

Category: High End Firewalls


  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Alberto it's preserved, otherwise this would be a disaster everytime the unit switches the TOTP binding would became invalid.

    But fair question, we've seen questionable things in the past :)


  • AlbertoAlberto Enthusiast ✭✭

    Thanks. I don't understand last comment. I think this problem is about issue GEN-999 ?

    yesterday I had a failover on a 6600. Invalid otp result. I fixed it at the moment with another failover back to the main unit. Failover due to a process: "05/11/2023 10:35:24.656DP Core 14 GAV Processing taking 1 seconds05/11/2023 10:35:26.672Reboot due to DP Core[14] hang05/11/2023 10:35 :26.672Core Trace 14:

    causes: Interrupts"

    Firmware old but currently stable 6_5_4_7-83n--HFGEN6-1249

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Alberto do you believe that GEN6-999 might affect you? This issue sounds like it's meant for users not already binded their TOTP, but I might be wrong here, never faced this specific one.

    TOTP authentication is not supported on a High Availability pair when the same user has different QR code and scratch code on primary/secondary HA firewalls. GEN6-9

    If you can reproduce this issue with a simple failover I would raise a ticket for this.


Sign In or Register to comment.