USG20-VPN two factor authentication

I'm trying to activate 2 factor authentication via email for our SSL VPN users.
I've already setup SMTP mail settings and my device is able to send emails using the instructions below.
But I'm stuck on the final step. I've added email addresses to my users and enabled Two Factor Authentication and I'm choosing From Interface-->WAN as in picture below. I'm under the impression that when I try to connect with my Zywall Secuextender VPN client I should get an email with a link of some kind as the second factor authentication but I'm not getting anything.
Am I using the correct method to enable two factor authentication for a VPN client connection?

  1. Log in to the unit by entering its IP address and the credentials for an admin account (by default, username is “admin”, password is “1234”)
  2. Configure your L2TP / IPSec / SSL connection as desired
  3. Navigate to Configuration > Object User/Group > User to create or edit a user
  4. Take care to fill in a valid mail address to which the second auth. factor for this user will be sent
  5. Put this user into the allowed VPN users group in the tab “Group”
  6. Navigate to Configuration > System > Notification > Mail Server and fill in the credentials for a SMTP server (if you don´t own a mail server, you can use a free Gmail account for example)
  7. Navigate to Configuration > Object > Auth. Method > Two-factor Authentication to enable this feature for the desired VPN (SSL / L2TP / IPSec)
  8. Under “User/Group” you can select the users which should authenticate using 2 FA
  9. Under “Delivery Settings” enable “Email”
  10. Under “Authorize Link URL Address” you can chose “From Interface” and the respective interface or “User-Defined” to enter an IP address or (DynDNS-) domain name


  • udocudoc Member Posts: 1


    were you able to get this worked out. one note i saw in the guide was to make sure your device is registered.

    i have a slight different issue. i get the email but i am ABLE to access resources before the 2 factor. is this a firewall configuration issue i have?

  • fabiobizzfabiobizz Member Posts: 1
    Ho fatto gli stessi passaggi, il client vpn mi apre il tunnel ma non mi funziona il two-factor mode... qlc puo aiutarmi??

  • fabiobizz said:
    Ho fatto gli stessi passaggi, il client vpn mi apre il tunnel ma non mi funziona il two-factor mode... qlc puo aiutarmi??

    Salve Fabio, ho lo stesso problema anche io con un ATP100, configurato tutto, il tunnel funziona ma non mi arriva l'email per l'autorizzazione. Lei è riuscito a risolvere?
Sign In to comment.