Re: MFA Multi functional authenticator
Posted: 17 May 2019, 12:24
Thank you very much for your question.MFA is an important security function.
When you manage Firewall for other company's you want to assure them level of security.
Lately company's see allot of media attention that hackers can get you login credenditals.
With MFA your login credential can be hacked but they can't login without a code.
Especialy with the direct view option you can save the credentials and instantly login. When someone hacked your account they can litterly login on you Firewall and do anything that they want.
Its for the company where I work a big security risk when you use a management tool for firewalls without MFA.
I hope you will consider an MFA function ASAP.
(please I love a discussion on this forum and you opinion)
We greatly value your feedback about DynFi Manager (DynFi Manager).
While MFA is indeed on our roadmap, It is not yet at the top of our priority for some reasons that I will try to explain hereunder.
DynFi Manager should generally be deployed in a contained environment where only few people will have access to the Manager.
While communication from the Manager to the various pfSense / OPNsense devices is mandatory, access to the DynFi Manager can be restricted using the following methods :
- deploying DynFi Manager on a internal LAN / VLAN with restricted inbound / outbound connection
- filtering IPs which have access to the Manager
- securing access to the Manager through a VPN (if remote access is needed
- securing access from the Manager to the remote firewalls
Exposing the DFM login interface to the public is as bad as having the WAN IP address of your firewall devices accessible to the public.
If you want / need to share your login with remote users / clients, consider the advices given before to secure the access.
That being said, we agree to the fact that It is always better to have MFA available rather than not.
We will do our best to have this implemented in DFM.