Product manual
15
Enabling soft-token OTPs for a specific user:
1. Make sure that the check box next to Mobile Application is selected.
2. Click Send Application.
3. The user will receive an SMS message containing a link that can be used to install the application.
5. VPN Protection
ESA ships with a standalone RADIUS server that is used to authenticate VPN connections. After installing the ESA RADIUS server
component, the service will start automatically. Ensure that it is running by checking its status in the Windows Services console.
5.1 Configuration
To configure 2FA for your VPN, you first need to add your VPN appliance as a RADIUS client. Follow these steps:
1. From within the ESA Management Console, right click the RADIUS server and select Add Client.
2. Select the new client and choose Properties from the list of available actions. This is displayed in the figure below.
3. Give the RADIUS client a memorable name for easy reference.
4. Configure the IP Address and Shared Secret for the Client so that they correspond to the configuration of your VPN appliance.
The IP address is the internal IP address of your appliance. The shared secret is the RADIUS shared secret for the external
authenticator that you will configure on your appliance.
5. Select "Mobile Application" as an authentication method. The optimal authentication method depends on your VPN appliance
make and model. See the appropriate ESA VPN Integration Guide for details. The VPN integration guides are available on the
ESET Knowledgebase.