2FA solution that works with sma 500v but without smart device
Hi, I'm new to the community. With recent alerts from SonicWall, I've enabled 2FA for VPN access on our SMA 500v. However, some of my users are in areas where smart devices are not allowed. Does anyone know of a 2FA solution that works with SonicWall VPN and does not require a smart device? Thanks in advance.
Best Answer
-
BWC Cybersecurity Overlord ✭✭✭
Hi @DonMck
I heavily implement Radius based MFA solutions which work with standard TOTP key fob devices which should fit your need. Depending on your budget you could use RSA, Deepnet etc. On the OpenSource side LinOTP seems to be a good contester. Microsoft NPS can b
Unfortunately SonicWall broke the Radius Challenge-Response since the release of Version 10.x when authenticating through /spog (the new Contemporary Mode) which is a bummer, considering they promote MFA so hard in the recent days.
--Michael@BWC
0
Answers
Thank you for the response. It appears that SonicWall does not have native support for this without going with Radius or a 3rd party MFA solution. Our operation is too small to warrant a Radius implementation. This thread may be considered closed at this time.
We are having limited success using Smart Cards with Certificate Authority.
We are using Taglio C910 smart cards with an SMA 200.
So far, we can get the VPN to work with the SonicWall Mobile Connect app, but not NetExtender.
Mobile Connect prompts for the certificate and PIN, and connects okay. The issue we are having with Mobile Connect the connection is it is unstable and frequently drops the connection.
There is something wrong with the NeExtender software. During login NetExtender hangs up on verifying user it does not prompt for the certificate or the PIN number.
NeExtender works okay with Active Directory authentication users can stay on for 8 hours plus with no problems, regulation require us to go to 2FA in the near future.