MFA for VPN

Virtual private network (VPN) is the industry standard method for providing remote access to an organization’s internal, on-premises applications and resources. Therefore, it is vital that you should protect your VPN logon with multi-factor authentication.

DualShield is an on-premises MFA platform that can protect any type of VPN system with multi-factor authentication, without installing any software on the users’ computers, and with multiple choices of authentication methods.

DualShield MFA integrates seamlessly with all major VPN systems, including Cicso, Citrix, Juniper, Palo Alto, Sophos and many more.

All major VPN system supports RADIUS authentication, and DualShield MFA Platform has a built-in RFC 2865 compliant RADIUS server. Therefore, DualShield MFA can be easily and seamlessly integrated with any VPN system, providing an additional layer of security for VPN logon. Once integrated with your VPN system, your users will be able to continue using the native VPN clients, but will be prompted with two-factor authentication.

DualShield MFA supports direct integration with the Active Directory server. It does not require change to the AD database schema, does not require import from the database and does not require synchronization. Changes made to the Active Directory are immediately effective in DualShield in real time.

DualShield MFA supports the concurrent use of both AD password authentication and a strong 2nd-factor authentication for different users within the domain. The requirement for multi-factor authentication is controlled by a set of polices which can be applied to users, AD groups and OUs. This enables a staged, non-interruptive migration of users to strong authentication when convenient & appropriate.

DualShield MFA supports several two-factor authentication methods for VPN logon, including:

  • On-Demand Password (code by sms, email and call)
  • One-Time Password (hardware token & software app)
  • Out-of-Band Authentication (mobile push authentication)
  • Challenge & Response (grid card)

DualShield MFA provides a set of authentication and access control policies that enable granular administrative access control down to a user, machine, group or unit. For instance, in a circumstance where a user or machine needs to be exempted from two-factor authentication, the network administrator can put the user or machine in the exception list.

Supported VPNs

DualShield supports all major VPN systems, including:

  • Cisco ASA
  • Citrix Netscaler
  • Microsoft NPS & RRAS
  • Juniper SA
  • Palo Alto
  • Sonicwall
  • Sophos
  • Watchguard
  • Checkpoint
  • NetMotion Mobility
  • F5
  • Fortinet