Two Factor Authentication (TFA) - Firewall Analyzer

    Two Factor Authentication (TFA) provides an additional level of authentication and improves security by requiring the user to provide a unique one-time code at login. The code is either a time-based one-time password (TOTP) generated by an Authenticator app or a one-time password (OTP) sent to the user's configured Email address. TFA strengthens authentication and prevents unauthorized access.

    Note: This feature is available from Firewall Analyzer version 125415.

    Steps to configure TFA in Firewall Analyzer:

    1. Go to Settings > General Settings > User Management > Two Factor Authentication.
    2. Select the 'Enable Two Factor Authentication (TFA)' option.
    3. Choose the desired Authentication Mode: Authenticator Apps (TOTP via Authenticator apps including but not limited to Google Authenticator, Microsoft Authenticator, Duo etc.) or Email Authentication (OTP sent to the user's configured Email address).

    Note: Mail Server Settings need to be configured for the Email Authentication Mode.

    4. Enter the number of days for which the User's browser is to be trusted. The User won't be required to provide a TOTP/OTP when logging in on that browser for the specified number of days. This applies only if the user selects the check box to trust the browser during login.
    5. Click Save.

    Note: If 'Authenticator Apps' is chosen as the mode of Authentication, all users will be prompted to set up their Authenticator app during their next login.

    1. If Authenticator Apps is the chosen mode of Authentication, at the next login install your desired Authenticator app on your mobile device and follow the steps shown on screen to configure it.

    Note: In the case of TOTP, the time on the configured mobile device must be in sync with the server time.

    Alternatively, if the mode of Authentication is chosen as 'Email', the OTP will be sent via Email to the User's configured Email ID.

    2. Enter the OTP generated in the Authenticator app or received by Email to log in.

    Note: If a new TOTP secret is required, due to the loss of the configured mobile device or for any other such reason, the Admin User can go to Settings > General Settings > User Management and click on the Reset TOTP secret icon under Actions for the respective User.

    Troubleshooting steps:

    If the Admin user is unable to log in to the product because the configured mobile device has been lost or the OTP cannot be retrieved from Email, TFA can be disabled by running the DisableTFA .bat/.sh file.

    To troubleshoot, follow the steps below:

    For Windows:

    1. Stop the Firewall Analyzer Service.
    2. Open command prompt as Administrator, navigate to <Firewall Analyzer_installed_dir/bin>.
    3. Execute the DisableTFA.bat file.
    4. Start the Firewall Analyzer Service.

    For Linux:

    1. Stop the Firewall Analyzer Service.
    2. Open terminal as a privileged user (su/sudo).
    3. Navigate to <Firewall Analyzer_installed_dir/bin>.
    4. Execute the DisableTFA.sh file.
    5. Start the Firewall Analyzer Service.

    For any further queries, kindly reach out to fwanalyzer-support@manageengine.com