MFA for SonicWall
SonicWall SSL-VPN (NetExtender and the SMA series) gives remote staff a fast way in — and attackers the same, when a password is all that's required. SonicOS authenticates VPN and admin users against RADIUS but has no built-in second factor. Authnull sits in front of that RADIUS check and enforces MFA on NetExtender, virtual office, and firewall administration. You add Authnull as a RADIUS server, point the user authentication method at it, and a factor is required before access is granted.
SonicWall forwards the login; Authnull adds the factor.
SonicOS forwards the login to Authnull over RADIUS; Authnull validates the primary credential, challenges for the factor, and returns Access-Accept. Increase the RADIUS timeout so push approvals are not cut short.
Configure MFA for SonicWall
Real steps — the exact menus, fields, and values. Follow along in your console; the whole thing takes about 15 minutes.
Add Authnull as a RADIUS server
Configure Authnull as the RADIUS server with the connector IP and shared secret, then test the connection from SonicOS.
Set RADIUS as the login method
Switch the user authentication method to RADIUS (or RADIUS + Local) so VPN and admin logins are validated through Authnull.
Map RADIUS groups for access
Import or map the RADIUS user groups that are allowed SSL-VPN access so policy follows your directory.
Raise the timeout and test
Increase the RADIUS user-session timeout, then connect with NetExtender using a test account and approve the factor.
Closes the MFA gap auditors look for
Enforcing MFA on SonicWall gives you evidence for the remote-access and privileged-access controls in SOC 2 and the access requirements under CCPA — with per-login logs you can hand straight to an assessor.
Add MFA to SonicWall — free to start.
Spin up Authnull, point SonicWall at it, and enforce a factor on a pilot group today. No card, no rip-and-replace.