Authentication via One-Time Password (OTP):
One-time passwords can be sent via SMS or email; see schema.
To configure OTP for logon, manage, status, web, and web destination routing entries see here.
The string "OTP-email" or "OTP-SMS" is stored as "Issuer" and it can be checked via the ISS keyword.
A list of active OTP sessions is shown here.
A description of the state values is shown via tool tip (mouse over "State" values) or can be found here.
For security reasons, routing entries using OTP should have the UID field specified so that session objects can be linked to a specific routing entry.
Keywords:
SSL:certfile[/parameter] ... to encrypt the connection, mandatory!
OTPR:otprdir ... otprdir is the root directory where the necessary files must be stored:
.... For default configuration specify OTPR:OTP
OTPU:EmailAddresses ... optional, users who may use this routing entry.
TOTPM:filename ... for OTP via email: Filename of template to send OTP via internal mail thread
... If filename is not specified the default template will be used. See also Notes on templates.
... If TOTPM is specified: Mail notification must be enabled.
SENDOTP:processfile ... for OTP via SMS: processfile is the path for the process to send one time passwords via SMS (e.g. path of .bat or .exe file)
... processfile may consist of two parts separated by "|" to differentiate between shell and script, this is necessary for Linux:
... e.g. SENDOTP:/bin/bash|/home/GateAdmin/ApplicGate/OTP/SendOTP
To configure additional optional keywords see here.
Example with email and SMS notification:
SourceIP;GatewayIP;GatewayPort;GatewayIP2;DestinationIP;DestinationPort;Expiration;Type;UID;Comment;eMail
* ;1.1.1.1 ;443 ;2.2.2.2 ;2.2.4.4 ;* ;* ;SSL:server.cer, OTPR:OTP, OTPU:%APP1, TOTPM, SENDOTP:OTP\SendOTP.bat;WEB1; ;
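The following added example (not part of ApplicGate or its documentation) is a small review script that checks OTP routing entries against the rules stated above: SSL is mandatory, SENDOTP needs a process file, and the UID field should be set. It assumes entries are semicolon-separated in the column order of the example above and that keywords in the Type field are comma-separated; the function names are hypothetical.

```python
# Added example (not ApplicGate code). Assumes semicolon-separated entries in
# the column order of the page's example and comma-separated Type keywords.
COLUMNS = ["SourceIP", "GatewayIP", "GatewayPort", "GatewayIP2", "DestinationIP",
           "DestinationPort", "Expiration", "Type", "UID", "Comment", "eMail"]
OTP_KEYWORDS = {"OTPR", "OTPU", "TOTPM", "SENDOTP"}

def parse_entry(line):
    """Split one routing entry into a dict keyed by column name."""
    fields = [f.strip() for f in line.split(";")]
    fields += [""] * (len(COLUMNS) - len(fields))  # pad short lines
    return dict(zip(COLUMNS, fields))

def parse_keywords(type_field):
    """Map keyword name -> value ('' when the keyword has no ':value' part)."""
    keywords = {}
    for item in type_field.split(","):
        name, _, value = item.strip().partition(":")
        if name:
            keywords[name.upper()] = value.strip()
    return keywords

def lint_otp_entry(line):
    """Return findings for an OTP routing entry; [] means nothing to report."""
    entry = parse_entry(line)
    kw = parse_keywords(entry["Type"])
    if not OTP_KEYWORDS.intersection(kw):
        return []  # entry does not use OTP
    findings = []
    if not kw.get("SSL"):
        findings.append("SSL:certfile missing (mandatory)")
    if not kw.get("OTPR"):
        # Treating a missing OTPR as a finding is this example's assumption.
        findings.append("OTPR:otprdir not specified")
    if "SENDOTP" in kw:
        parts = kw["SENDOTP"].split("|", 1)
        if not all(p.strip() for p in parts):
            findings.append("SENDOTP processfile (or shell|script part) empty")
    if not entry["UID"]:
        findings.append("UID empty: sessions cannot be linked to this entry")
    return findings

# The page's example entry, then a constructed entry with three problems.
PAGE_EXAMPLE = (r"* ;1.1.1.1 ;443 ;2.2.2.2 ;2.2.4.4 ;* ;* ;SSL:server.cer, OTPR:OTP, "
                r"OTPU:%APP1, TOTPM, SENDOTP:OTP\SendOTP.bat;WEB1; ;")
CONSTRUCTED_BAD = "*;1.1.1.1;443;2.2.2.2;2.2.4.4;*;*;OTPR:OTP, SENDOTP:/bin/bash|;;;"

if __name__ == "__main__":
    for sample in (PAGE_EXAMPLE, CONSTRUCTED_BAD):
        print(lint_otp_entry(sample) or "ok")
```

The script only inspects the routing entry text; whether mail notification is enabled for TOTPM has to be checked in the gateway configuration itself.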