This article shows how to enable 2-factor authentication for SSL VPN connections.
2 Steps to take
- 2.1 Enable Multifactor Authentication
- 2.2 Get 2 Factor Authentication code
- 2.3 Enable 2 Factor on user account and get VPN configuration file
- 2.4 Access VPN on user’s machine
- 2.5 Token Code Management
2.1 Enable Multifactor Authentication
On the Sophos Firewall, go to Authentication > Multi-factor authentication.
One-time password: Select Specific users and groups if you want to enable 2 Factor Authentication for the specified user or group. Select All users if you want to enable 2 Factor Authentication for all users.
OTP required for these users and groups: If you selected Specific users and groups, specify the users or groups here (if you want to configure the admin user, go to Administrator > Device access).
Generate OTP token with next sign-in: Enable this option.
Require MFA for: Check SSL VPN remote access to require MFA for SSL VPN remote access.
Then click Apply to save the configuration.
2.2 Get 2 Factor Authentication code
On the user machine:
Access the user portal page and log in with the user account for which 2-factor authentication was enabled in the previous step.
The portal page appears with a QR code.
Use Google authentication software on your phone to import the QR code. You will receive a token code to log in.
2.3 Enable 2 Factor on the user account and get the VPN configuration file
On the user machine, go to the User portal page.
Fill in the information:
Username: Log in with the account for which 2-factor authentication was enabled.
Password: Password + token code (for example, if the password is abc and the token code is 12345, enter abc12345).
After this login, the QR code will not appear again. From then on, the user must enter the password + token code as above to log in.
When the portal page appears, go to VPN.
Sophos Connect client: Download the Sophos Connect VPN client and install it on your computer.
VPN configuration: Download the configuration file for your computer or mobile device.
2.4 Access VPN on user’s machine
On the user machine, install Sophos Connect. After installation is complete, open Sophos Connect and select Import connection to add the downloaded configuration file.
Enter the account information:
Username: account name.
Password: password + token code (for example, if the password is abc and the token code is 12345, enter abc12345).
Select Sign in to log in.
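The password + token code format used for the user portal login in 2.3 and the Sophos Connect sign-in in 2.4 can be illustrated with the following added example, which is not Sophos code and not part of the original article. It computes a standard RFC 6238 TOTP from an otpauth:// URI of the kind Google Authenticator imports from a QR code, then splits and checks a combined credential. The sample URI, the 6-digit code length, the 30-second period and the verify helper are assumptions for illustration.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

# Constructed sample URI using the RFC 6238 test secret, not a value from a real firewall.
SAMPLE_URI = ("otpauth://totp/Example:jdoe"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&digits=6&period=30")

def parse_otpauth(uri):
    """Return (secret_bytes, digits, period) from an otpauth://totp URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    q = parse_qs(u.query)
    b32 = q["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)          # restore stripped base32 padding
    return (base64.b32decode(b32),
            int(q.get("digits", ["6"])[0]), int(q.get("period", ["30"])[0]))

def totp(secret, now, digits=6, period=30):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", int(now) // period)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F                   # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def split_credential(combined, digits=6):
    """Split 'password + token code': the trailing `digits` characters are the code."""
    tail = combined[-digits:]
    if len(combined) <= digits or not (tail.isascii() and tail.isdigit()):
        raise ValueError("no token code appended to the password")
    return combined[:-digits], tail

def verify(combined, password, secret, now, digits=6, period=30, window=1):
    """Hypothetical verifier: accept codes within +/- `window` time steps."""
    try:
        pw, code = split_credential(combined, digits)
    except ValueError:
        return False
    pw_ok = hmac.compare_digest(pw.encode(), password.encode())
    code_ok = any(hmac.compare_digest(code, totp(secret, now + i * period, digits, period))
                  for i in range(-window, window + 1))
    return pw_ok and code_ok

if __name__ == "__main__":
    secret, digits, period = parse_otpauth(SAMPLE_URI)
    code = totp(secret, 59, digits, period)
    print("field value:", "abc" + code, "->", verify("abc" + code, "abc", secret, 59))
```

Because only the trailing digits are treated as the code, a password that itself ends in digits still splits correctly. A code from an expired time step is rejected even when the password is right.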
2.5 Token Code Management
To manage activated tokens, go to Authentication > Multifactor Authentication > Issued Token.