Securing SonicWall Firewall with RADIUS and Push MFA

JCDavid
Rising Star II

Some things are too cool not to share. I've recently published articles about how to authenticate into network hardware using RADIUS + TOTP multi-factor authentication (MFA). It works by appending a code to your password after a comma, e.g., "Password,12345". This method of authentication is best used on private networks or over a VPN, along with monitoring. The advantage is not having to share and manage a single set of local credentials, which is important if someone leaves the IT department. This configuration is now even easier with the inclusion of Push MFA, which eliminates the step of typing the extra code.

Combining RADIUS with MFA was previously only possible using EAP/TLS, which transmits passwords over cleartext. You'll soon be able to opt for CHAP/CHAP2, which is somewhat more secure given the shared secret is always encrypted. This video is an overview of work that I did with an AWS EC2 instance using a SonicWall NSv firewall. Please excuse the Philly accent.

This is the part that you won't see:

[Image: Push MFA]

This type of MFA challenge is increasingly important given the high threat level.
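An added example, not part of the original post and not the vendor's implementation: a sketch of how a server behind RADIUS could handle the "Password,code" field described above, splitting at the last comma and checking an RFC 6238 TOTP code. The function names, the PBKDF2 password storage, the 6-digit code length and the one-step drift window are all assumptions made for illustration.

```python
import base64, hashlib, hmac, struct, time

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def split_credential(field, digits=6):
    """Split 'Password,123456' at the LAST comma, since passwords may contain commas."""
    password, sep, code = field.rpartition(",")
    if not sep or len(code) != digits or not (code.isascii() and code.isdigit()):
        return None
    return password, code

def verify(field, stored_hash, salt, secret_b32, now=None, drift=1):
    """Check both factors; both are always evaluated so a failure
    does not reveal which factor was wrong."""
    now = time.time() if now is None else now
    parts = split_credential(field)
    password, code = parts if parts else ("", "")
    # Hypothetical storage scheme: PBKDF2-HMAC-SHA256, 100,000 iterations.
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    pw_ok = hmac.compare_digest(derived, stored_hash)
    code_ok = False
    for i in range(-drift, drift + 1):  # tolerate +/- one 30 s step of clock skew
        code_ok |= hmac.compare_digest(totp(secret_b32, now + i * 30), code)
    return parts is not None and pw_ok and code_ok
```

A deployment would also record the last accepted time step per user so that a code cannot be replayed within its validity window.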
