Guides

Setting Up Two-Factor Authentication on SonicWall VPN

This guide describes how to set up two-factor authentication (2FA) for your SonicWall VPN solution with Protectimus as a multi-factor authentication (MFA) provider.

The Protectimus two-factor authentication system can be integrated with SonicWall SSL VPN via RADIUS authentication protocol. For this purpose, you need to install an on-premise Protectimus RADIUS Server component and configure the SonicWall Network Security Appliance to refer to the Protectimus RADIUS Server for user authentication.

See how Protectimus two-factor authentication solution works for SonicWall VPN in the scheme below.

How to set up Sonic Wall two-factor authentication with Protectimus

1. How Two-Factor Authentication for SonicWall VPN Works

Protectimus adds the second authentication factor to your users’ login to the SonicWall VPN. After you set up SonicWall VPN two-factor authentication, your users will enter two different authentication factors when they log into their SonicWall VPN accounts. These authentication factors are:

Basic credentials — username and password (something the user knows).
A one-time password generated with the help of a two-factor authentication token (something that belongs to the user).

Protectimus offers different kinds of two-factor authentication tokens for SonicWall:

Classic and programmable hardware OTP tokens that look like keyfobs and plastic cards;
2-factor authentication app Protectimus SMART OTP on iOS and Android
Any other 2-factor authentication apps that support TOTP auth standard, including Google Authenticator;
Delivery of one-time passwords using chatbots in Telegram, Messenger, or Viber;
SMS authentication;
Delivery of one-time passwords via email.

You may enable one authentication method for all your users or let users a chance to choose themselves if you activate the Protectimus Users’ Self-Service Portal.

Two-factor authentication protects SonicWall VPN from many threats associated with stealing users’ credentials, including phishing, social engineering, brute force, keyloggers, data spoofing, etc.

It is a challenging task for the fraudster to hack two authentication factors that differ in their nature (something the user knows and owns) and use them simultaneously within 30 seconds (the time when the one-time password remains active). That is why two-factor authentication is still one of the best security measures for SonicWall VPN.

2. How to Enable SonicWall VPN 2FA

You can set up SonicWall VPN two-factor authentication (2FA) with Protectimus using the RADIUS protocol:

Get registered with Protectimus SAAS Service or install the On-Premise 2FA Platform and configure basic settings.

Install and configure Protectimus RADIUS Server.

Configure SonicWall VPN authentication policies.

2.1. Get Registered and Configure Basic Protectimus Settings

Register with the Protectimus Cloud Service and activate API or install the Protectimus On-Premise Platform (if you install Protectimus Platform on Windows, check the Radius box during the installation).
Add Resource.
Add Users.
Add Tokens or activate Users’ Self Service Portal.
Assign Tokens to Users.
Assign Tokens with Users to the Resource.

2.2. Install and Configure Protectimus RADIUS Server

Detailed instructions for installing and configuring the Protectimus RADIUS Server for SonicWall VPN 2-factor authentication using RADIUS are available in our Protectimus RADIUS Server Installation Guide for SonicWall VPN 2FA.

2.3. Add Protectimus as RADIUS Server for SonicWall

Below you will find two instructions for adding Protectimus as RADIUS Server to the SonicWall Network Security Appliance:

2.3.1. SonicOS 6.2 and below

Log into the SonicWall administrative interface.
Navigate to Users —> Settings —> Authentication method for login and select RADIUS. Then click on Configure.

SonicWall VPN 2FA setup - SonicOS 6.2 - Step 1

Configure the following RADIUS Settings to add a RADIUS Server.

RADIUS Server Timeout	Set to 30 seconds or higher. This is to make sure that login has enough time to receive the OTP and enter it.
Name or IP Address	IP of server where the Protectimus RADIUS Server component is installed.
Shared Secret	Indicate the shared secret you created in the Protectimus radius.yml file (radius.secret property) when configuring Protectimus RADIUS Server
Port Number	Indicate 1812 (or whichever port you configured in the Protectimus radius.yml file when configuring Protectimus RADIUS Server).

SonicWall VPN two-factor authentication setup - SonicOS 6.2 - Step 2

Go to the RADIUS Users tab. Select appropriate mechanism for setting user group membership, Apply settings, and test the configuration.

SonicWall VPN multi-factor authentication setup - SonicOS 6.2 - Step 3

2.3.2. SonicOS 6.5 and above

Log into the SonicWall administrative interface.
Click MANAGE, navigate to Users —> Settings —> User authentication method and select RADIUS. Then click on CONFIGURE RADIUS.

SonicWall VPN 2-factor authentication setup - SonicOS 6.5 - Step 1

Click Add and then configure the following RADIUS Settings to add a RADIUS Server.

Host Name or IP Address	IP of server where the Protectimus RADIUS Server component is installed.
Shared Secret	Indicate the shared secret you created in the Protectimus radius.yml file (radius.secret property) when configuring Protectimus RADIUS Server
Confirm Shared Secret	Confirm your shared secret.
Port	Indicate 1812 (or whichever port you configured in the Protectimus radius.yml file when configuring Protectimus RADIUS Server).

SonicWall VPN MFA setup - SonicOS 6.5 - Step 2

While still in RADIUS Servers Settings, switch to General Settings and Set RADIUS Server Timeout to 30 seconds or higher.

SonicWall VPN two-factor authentication setup - SonicOS 6.5 - Step 3

Go to the RADIUS Users tab. Select appropriate mechanism for setting user group membership, click OK, and test the configuration.

SonicWall VPN 2-factor authentication setup - SonicOS 6.5 - Step 4

Integration of two-factor authentication (2FA/MFA) for your SonicWall VPN is now complete.

If you have other questions, contact Protectimus customer support service.

1. How Two-Factor Authentication for SonicWall VPN Works
2. How to Enable SonicWall VPN 2FA
2.1. Get Registered and Configure Basic Protectimus Settings
2.2. Install and Configure Protectimus RADIUS Server
2.3. Add Protectimus as RADIUS Server for SonicWall
2.3.1. SonicOS 6.2 and below
2.3.2. SonicOS 6.5 and above

Authentication & Verification

Classic 2FA / MFA

Classic 2FA / MFA

Wi-Fi Authentication

Electronic Visit Verification

Popular Integrations

MFA for Windows and RDP

MFA for RADIUS

MFA for OWA

MFA for VPN

MFA for ADFS

MFA for Roundcube

Your Industry

Financial Services

Education

Healthcare

Goverment

Energy

Online Gaming

Technology

Gambling Public Sector

Hardware OTP Tokens

Protectimus Slim NFC

Protectimus TWO

Protectimus FLEX

Protectimus SHARK

Software MFA Methods

Protectimus SMART

Protectimus BOT

Protectimus SMS

Protectimus MAIL

Protectimus PUSH

Integration Guides

AD, LDAP, Databases

VPN Clients

Windows & RDP

VDI Clients

Outlook Web App

CentOS

ADFS

Ubuntu

Office 365

Roundcube

Electronic Visit Verification

Ubiquiti UniFi Controller SMS Authentication

Get Started

Classic 2FA / MFA

Cloud-Based MFA Service

On-Prem MFA Platform

API Documentation

API Integration Instructions

Software Development Kits

Java

PHP

Python

Resources

How it works

Blog

Customer Stories

Your Industry

FAQ

Become Our Partner

Support Center

Classic 2FA / MFA

Cloud-Based MFA Service

Classic 2FA / MFA

On-Prem MFA Platform

MFA for AD, LDAP, Databases

Dynamic Strong Password Authentication

Wi-Fi Authentication

SMS Based Authentication for Wi-Fi

Electronic Visit Verification

Electronic Visit Verification

MFA for Windows and RDP

MFA for RADIUS

MFA for OWA

MFA for VPN

MFA for ADFS

MFA for Roundcube

MFA for Office 365 (SSO)​

Authentication & Verification

MFA for Office 365 (SSO)

MFA for AD, LDAP, Databases

API Documentation