Product manual
16
6. Optionally allow any non-2FA users to use the VPN.
NOTE: Allowing non-2FA users to log in to the VPN without restricting access to a security group will allow all users in the domain
to login via the VPN. Using such a configuration is not recommended.
7. Optionally restrict VPN access to an existing Active Directory security group.
8. Once you are finished making changes, click OK.
9. Re-start the RADIUS Server.
a. Locate the ESA RADIUS Service in the Windows Services (under Control Panel - Administrative Tools - View Local
Services).
b. Right Click on the ESA Radius Service and select Restart.
5.2 Usage
Once you have configured your RADIUS client, it is recommended that you verify RADIUS connectivity using a testing utility such
as NTRadPing before reconfiguring your VPN appliance. After verifying RADIUS connectivity, you may configure your appliance to
use the ESA RADIUS server as an external authenticator for your VPN users.
Since both the optimal authentication method and usage are dependent on your appliance make and model, see the relevant ESET
Secure Authentication VPN integration guide, available on the ESET Knowledgebase.
6. Web Application Protection
The ESA Web Application Protection module automatically adds 2FA into the authentication process of all supported Web
Applications. The module will be loaded the next time the protected Web Application is accessed after ESA has been installed.
Users will log in using the normal authentication process of the Web Application. After being authenticated by the Web
Application, the user will be redirected to an ESA web page and prompted for an OTP. The user will only be allowed access to the
Web Application if a valid OTP is entered.
The user's 2FA session will remain active until they log out of the Web Application or close their browser.