Jump to content


Photo

SSL VPN and (Google) authenticator

NGF authenticator SSL VPN OTP F80

  • Please log in to reply
1 reply to this topic

#1 B. Smeets

B. Smeets
  • Members
  • 3 posts
  • LocationHaarlem, Netherlands

Posted 09 August 2018 - 09:07 AM

A client of ours asked us to find a secure and easy-to-use solution for their users to connect to a few internal web pages and RD-servers. The use of an authenticator is mandatory. 

I've found a way to set it up, but I want to know if there is a better way to do it. If it's not, this can be considered as feature requests.

 

The setup:

Right now there are two user groups in Active Directory; one group named mfa_setup and another one named mfa_users. Users in the mfa_setup group are allowed to sign in to the SSL webpage with only their username and password. No icons and apps are shown there, so they should only be able to set up the authenticator.

 

After this, an administrator has to move the user manually to the mfa_users group so that the user is asked for the authentication code next time. This also makes them able to sign in into the CudaLaunch app and use a basic set of resources.

 

The issue:

I know this is possible in the full SSL VPN solution, but I want to provide users with a one time password and/or to let them sign in one time without the authentication code. But with that, they shouldn't be able to use any of the apps.

 

 



#2 Gavin Chappell

Gavin Chappell
  • Moderators
  • 377 posts
  • LocationNottingham, UK

Posted 10 August 2018 - 10:45 AM

This is currently not possible within the SSL VPN engine on the CloudGen Firewall.

 

Our feature request portal is located here - https://netsecfeedback.barracuda.com/- I would suggest that the best thing for you to do is to take a look here and see if anyone else has raised the same issue, if they have then you can vote for it to increase its visibility to product management, and you should receive any updates on its progress.