How to remove 2FA for admin using CLI

Description

This article provide information on how to remove 2-Factor Authentication for Administrator login using the CLI.

Cause

Many user login Authentication requires one-time password .SonicOS 6.5.3.1 or latest provides additional layer of security with Time-Based One Time Password (TOTP). If the system time is wrong and NTP server time is mismatching, then we cannot login to the firewall and will get error like "Please try again later ".
You may need to use the CLI for the following reasons:
* When you don't have access to firewall GUI to disable TOTP.
* When you get "Please try again later " message even after you enter the One time password.

Image

Resolution

  1. Make sure SSH is enabled on the X0 interface.
  2. Open Putty
    Image
  3. Set Baud = 115200
    Date bits = 8.
    Parity = None.
    Stop bits = 1.
    Flow Control= None.
    Image
  4. Refer this article to login to the sonicwall using putty, https://www.sonicwall.com/support/knowledge-base/how-can-i-login-to-the-appliance-using-the-command-line-interface-cli/170505641032025/.
  5. Run the following commands
    >Configure
    >Administration
    >No admin one-time-password
    >Commit
    >Exit
    Image
  6. These 5 commands will be used to disable the TOTP for the Admin.
  7. Now we can login to the firewall without providing the one time password.
  8. Check the System time if it set properly based on your time zone.
    Image
  9. After verifying the system time then you can enable the TOTP for admin login.

 

Related Articles

  • SonicOS 8.1.0 FAQ
    Read More
  • SonicWall GEN8 TZs and GEN8 NSas Settings Migration
    Read More
  • Getting started with SonicWall firewalls
    Read More

Categories

Firewalls
TZ Series
User Login
not finding your answers?
Ask the Community