Add two factor authentication to a VPN using Sophos UTM: Part onePosted on 18 February 2019 by Beaming Support
When you add 2FA to a VPN login you add an extra dimension of security, meaning users may only log on after providing an additional piece of information to prove their identity, in this case a code from Google Authenticator.
This may be something that’s critical in order for your business to comply with industry regulations, or just a feature to give you peace of mind when it comes to the security of your business data. Either way, if you’d like to enable 2 FA for logging on to an SSL VPN, it’s a relatively easy task on the Sophos UTM.
Follow the below steps to set this up ready for 2 factor authentication.
- Login to the UTM and go to Remote Access -> SSL. Here you’ll need to create a Profile for the VPN, so select ‘New Remote Access profile’. If you have integrated your UTM with Active Directory, you can drag ‘Active Directory Users’ into the Users and groups field, otherwise you will need to create users manually and drag the names into the field.
- Next, drag the defined internal network, server or device name into the ‘Local networks’ field. Make sure that ‘Automatic firewall rules’ is ticked and save the profile.
- Next, go to Definitions and Users -> Authentication Services-> One-time Password. Here we will setup the rules for 2 factor authentication. Under ‘Authentication Settings’ we will make changes based on your required setup. Presuming all users will need to authenticate, make sure the following are ticked for the least administration:
- All users must use one-time passwords.
- Auto-create OTP tokens for users
- User Portal
- SSL VPN Remote Access
This will enable all users to login to their UTM portal and view the Google Authenticator barcode on login.
- To enable users to see the Remote Access tab for downloading the VPN Client, go to Management -> User Portal -> Advanced. Under ‘Disable Portal Items’, make sure that ‘Remote Access’ is not ticked.
Found this useful?
Beaming is an Internet Service Provider for businesses so we’re experts in networking and all-things connectivity. Subscribe to receive our how-to guides, cyber security advice and business research direct to your inbox once a month.