Firewall - Configure 2FA with Google Authenticator for Admin Access

This article describes how to use Two Factor [2FA] with Google Authenticator for Admin Access.

kb1.jpg

Note! This process only works if Smartphone / Google Authentication time zone is similar to Firewall time zone. Please check the NTP and double check time and timezone for both the device and firewall.


Configuration Steps:

1. Enable Google Authentication on a specific admin user
Select a specific admin user and switch to the Two-factor Authentication tab.
kb2.jpg
 
Enable the checkbox Two-Factor Authentication for Admin Access.
In Two-factor Auth. Method, select "Google Authenticator". Click "Set up Google Authenticator" to start the setup.
 
kb3.jpg
 
2. Google Authenticator Setup
 
kb4.jpg
 
Download and install Google Authenticator on the corresponding app store of your mobile device.
Register the admin account to Google Authenticator.
Open the Google Authenticator App and scan the barcode on Web GUI.
kb5.jpg
kb6.jpg
 
kb7.jpg
 
Enter the token code displayed on the Google Authenticator and click “Verify code and finish” for verification.
kb8.jpg
 
kb9.jpg
 
The pop-up window message informs the verification result.
kb10.jpg
 
After 2FA registration is set up successfully, there are backup codes on web GUI.
The backup codes are for device login access in case you cannot access the application on your mobile device.
kb11.jpg
 
3. Configure valid time and login service types
Enable two factor authentication for admin access.
Configure valid time and select which services require two-factor authentication for admin user.
The valid time is the deadline that admin needs to submit the two-factor authentication code and get the access.
The access request is rejected when submitting the code later than the set valid time value.
By default, the valid time is set to 3 minutes.
kb12.jpg

 


VERIFICATION:

1. Login with the admin account "testadmin".
r1.jpg
 
2. A pop-up window appears for administrator to enter the verification code.
r2.jpg
 
3. Enter the code shown on Google Authenticator and click "Verify". You can also enter the backup code if you don’t have mobile device on hand.
r3.jpg
 
r5.jpgr4.jpg
 
 
4. Authorize with username, password and the token code successfully.

Articles in this section

Was this article helpful?
3 out of 4 found this helpful
Share