How to get QR code for new phone and NetExtender?
We use the VPN on our TZ400 and NetExtender on remote clients with MS Authenticator as the 2FA app on people's cell phones. One of our staff got a new phone and has installed MS Authenticator but cannot get the QR code from the SonicWall to add the account to his new phone. When he tries connection to the SonicWall's public IP and port 4433 he is prompted to enter his 2FA code, which of course he cannot.
How does he get his new phone configured? Thanks
Category: SSL VPN
Tagged:
0
Answers
@SYSADMIN this is what you're looking for.
https://www.sonicwall.com/support/knowledge-base/how-to-unbind-totp-for-a-single-user-or-multiple-users-when-using-2-factors-authentication/210519112527650
—Michael@BWC
Michael - thanks for that link. Before I get the user involved I have a question or two. That reference shows how to unbind the TOTP key, which I did not do. Will that then cause a QR code to be displayed on the user's computer the next time he connects to the SonicWall IP:port?
Next question. While trying to figure this out, I changed this user's authentication method to OTP via email. Would doing that have automatically unbound the TOTP and perhaps now all I have to do is change the authentication method back to TOTP and he'll get the QR code?
If TOTP is unbound the user needs to login to the firewall via Browser, that is IMHO the only way to get the new QR Code.
I changed from TOTP to Mail and back to TOTP, MFA still gets accepted, so no unbind here.
—Michael