Ukraine flag

We stand with our friends and colleagues in Ukraine. To support Ukraine in their time of need visit this page

> Array AG SSL VPN 2FA


This guide shows how to enable two-factor authentication (2FA / MFA) for Array AG SSL VPN with the help of the Protectimus multi-factor authentication system.

Protectimus multi-factor authentication system integrates with Array AG SSL VPN via RADIUS authentication protocol. In this scenario, the Protectimus Cloud 2FA Service or On-Premise 2FA Platform performs as a RADIUS server, and the Array VPN takes the role of a RADIUS client.

The scheme of work of the Protectimus solution for Array VPN 2FA is presented below.

Array VPN 2FA setup via RADIUS

1. How Array VPN Two-Factor Authentication Works

Protectimus Two-Factor Authentication Solution for Array AG SSL VPN allows you to add an extra layer of security to your Array VPN logins.

When you add 2FA/MFA for Array VPN, your users will use two different authentication factors to get access to their accounts.
  1. The first factor is login and password (something the user knows);
  2. The second factor is a one-time password generated with the help of a hardware OTP token or an app on the smartphone (something the user owns).

To hack a Array VPN protected with two-factor authentication, a hacker needs to get a standard password and a one-time password at once. And they only have 30 seconds to hack a one-time password. It is almost impossible, which makes two-factor authentication so effective against brute force, data spoofing, keyloggers, phishing, man-in-the-middle attacks, social engineering, and similar hacking attacks.

2. How to Enable 2FA for Array AG SSL VPN

You can set up multi-factor authentication (2FA) for Array VPN with Protectimus using the RADIUS protocol:
  1. Get registered with Protectimus SAAS Service or install the On-Premise 2FA Platform and configure basic settings.
  2. Install and configure Protectimus RADIUS Server.
  3. Add Protectimus as RADIUS Server for Array AG SSL VPN.

2.1. Get Registered and Configure Basic Protectimus Settings

  1. Register with the Protectimus Cloud Service and activate API or install the Protectimus On-Premise Platform (if you install Protectimus Platform on Windows, check the RProxy box during the installation).
  2. Add Resource.
  3. Add Users.
  4. Add Tokens or activate Users’ Self Service Portal.
  5. Assign Tokens to Users.
  6. Assign Tokens with Users to the Resource.

2.2. Install and Configure Protectimus RADIUS Server

Detailed instructions for installing and configuring the Protectimus RADIUS Server for Array VPN two-factor authentication using RADIUS are available here.

2.3. Add Protectimus as RADIUS Server for Array VPN 2FA

  1. Login to the Array VPN administration panel.
  2. Change the mode to Config.
  3. Navigate to the Virtual Site using the dropdown in the upper left corner.
  4. Find the Site Configuration menu on the left and click on AAA.
  5. Open the General tab and check Enable AAA.

Array VPN 2FA setup via RADIUS - step 1
  1. Navigate to the Server tab and click RADIUS.
  2. Enter the Server Name (e.g. Protectimus RADIUS Server). You can also add a Description. Then click Add.

Array VPN MFA setup via RADIUS - step 1
  1. The newly added server will appear on the list of servers. Open Advanced RADIUS Server Configuration by double-clicking the name of your RADIUS server.
  2. Click Add RADIUS Server on the Advanced RADIUS Server Configuration page. Fill in the form referring to the table and image below, and click Save.
Server IP Enter the IP of server where the Protectimus RADIUS Server component is installed.
Server Port Indicate 1812 (or whichever port you configured in the Protectimus radius.yml file when configuring Protectimus RADIUS Server).
Secret Password Indicate the shared secret you created in the Protectimus radius.yml file (radius.secret property) when configuring Protectimus RADIUS Server
Timeout Set to 180 seconds.
Redundancy Order Set to 1 if this is your first RADIUS server.
Retries Set to 3.
Accounting Port Set to 1813.

Array VPN two-factor authentication setup via RADIUS - step 3
  1. Go to the Method tab and click Add Method.
  2. Enter the Method Name (e.g. Protectimus) and Method Description (e.g. Protectimus RADIUS Server). Then select the AAA server in Authentication. The AAA server is the server you created earlier (Protectimus RADIUS Server).
  3. Click Save. The method you just created will appear in the table on the Method tab.

Array VPN 2-factor authentication setup via RADIUS - step 4
  1. Find the AAA Method for Mobile VPN Clients dropdown and select the method you created (Protectimus).

Array VPN multi-factor authentication setup via RADIUS - step 4
  1. Go to the top right corner of the Array VPN administration panel and click Save Configuration.

Array AG SSL VPN 2FA setup via RADIUS - step 6
Integration of two-factor authentication (2FA/MFA) for your Array AG SSL VPN is now complete. If you have other questions, contact Protectimus customer support service.
Last updated on 2023-01-12