Operation: Configure OTP
Description: Configure global OTP parameters. 

Sample Configuration
<OTPSettings>
  <otp />
  <allUsers />
  <otpUsers>
    <user />
  </otpUsers>
  <tokenAutoCreation />
  <otpUserPortal />
  <otpSSLVPN />
  <otpWebAdmin />
  <otpIPsec />
  <defaultTimeStep />
  <maxTimeStepsInterval />
  <maxInitialTimeStepDiff />
</OTPSettings>



Parameter   Mandatory   Default   Description

otp   No
Switch OTP on or off.
otp must conform to:
  • Type is 'SCALAR'.
  • Only '0', '1' are allowed.

allUsers   No
Require all users to provide One Time Passwords. Otherwise OTP has to be enabled for users or groups explicitly.
allUsers must conform to:
  • Type is 'SCALAR'.
  • Only '0', '1' are allowed.

tokenAutoCreation   No
User-specific OTP tokens may be generated automatically when a user is created. This feature can be switched on or off.
tokenAutoCreation must conform to:
  • Type is 'SCALAR'.
  • Only '0', '1' are allowed.

otpUserPortal   No
Access to selected facilities may require One Time Passwords. Those facilities can be selected here.
otpUserPortal must conform to:
  • Type is 'SCALAR'.
  • Only '0', '1' are allowed.

otpSSLVPN   No
Access to selected facilities may require One Time Passwords. Those facilities can be selected here.
otpSSLVPN must conform to:
  • Type is 'SCALAR'.
  • Only '0', '1' are allowed.

otpWebAdmin   No
Access to selected facilities may require One Time Passwords. Those facilities can be selected here.
otpWebAdmin must conform to:
  • Type is 'SCALAR'.
  • Only '0', '1' are allowed.

waf   No
Access to selected facilities may require One Time Passwords. Those facilities can be selected here.
waf must conform to:
  • Type is 'SCALAR'.
  • Only '0', '1' are allowed.

otpIPsec   No
Access to selected facilities may require One Time Passwords. Those facilities can be selected here.
otpIPsec must conform to:
  • Type is 'SCALAR'.
  • Only '0', '1' are allowed.

hotspot   No
Access to selected facilities may require One Time Passwords. Those facilities can be selected here.
hotspot must conform to:
  • Type is 'SCALAR'.
  • Only '0', '1' are allowed.

defaultTimeStep   No
The One Time Password can only be used once within a certain time interval. The length of that interval can be selected here.
defaultTimeStep must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 10 to 300 is allowed.
  • Maximum digits allowed are 3.

maxTimeStepsInterval   No
Due to clock drift, the matching One Time Password is searched for up to the maximum number of time steps back and forward in time, respectively.
maxTimeStepsInterval must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 0 to 10 is allowed.
  • Maximum digits allowed are 2.

maxInitialTimeStepDiff   No
Due to missing clock synchronization, at the very first use of an OTP token the matching One Time Password is searched for up to the maximum number of time steps back and forward in time, respectively.
maxInitialTimeStepDiff must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 0 to 600 is allowed.
  • Maximum digits allowed are 3.
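
The following is an added example, not part of the original reference or of Sophos code: a pre-flight check that validates an OTPSettings fragment against the constraints listed above and computes how long a single code remains acceptable. The function names and sample values are hypothetical, and the window calculation assumes the current time step is checked in addition to the steps back and forward.

```python
import xml.etree.ElementTree as ET

# Constraints copied from the parameter table on this page.
FLAGS = {"otp", "allUsers", "tokenAutoCreation", "otpUserPortal", "otpSSLVPN",
         "otpWebAdmin", "waf", "otpIPsec", "hotspot"}
INT_RANGES = {  # name: (min, max, max digits)
    "defaultTimeStep": (10, 300, 3),
    "maxTimeStepsInterval": (0, 10, 2),
    "maxInitialTimeStepDiff": (0, 600, 3),
}

def check_otp_settings(xml_text):
    """Validate an <OTPSettings> fragment; return (errors, values)."""
    root = ET.fromstring(xml_text)
    errors, values = [], {}
    if root.tag != "OTPSettings":
        return ["root element must be OTPSettings"], values
    for child in root:
        name, text = child.tag, (child.text or "").strip()
        if name in FLAGS:
            if text in ("0", "1"):
                values[name] = int(text)
            else:
                errors.append(f"{name}: only '0' or '1' allowed, got {text!r}")
        elif name in INT_RANGES:
            lo, hi, digits = INT_RANGES[name]
            ok = text.isascii() and text.isdigit() and len(text) <= digits
            if ok and lo <= int(text) <= hi:
                values[name] = int(text)
            else:
                errors.append(f"{name}: need integer {lo}..{hi}, "
                              f"at most {digits} digits, got {text!r}")
    return errors, values

def acceptance_window_seconds(values, first_use=False):
    """Seconds in which one code matches: the current step plus N steps back
    and N forward. Returns None if a value is absent (defaults not on page)."""
    key = "maxInitialTimeStepDiff" if first_use else "maxTimeStepsInterval"
    if "defaultTimeStep" not in values or key not in values:
        return None
    return values["defaultTimeStep"] * (2 * values[key] + 1)

# Constructed sample values, not taken from a real appliance.
SAMPLE = """<OTPSettings><otp>1</otp><otpWebAdmin>1</otpWebAdmin>
<defaultTimeStep>30</defaultTimeStep>
<maxTimeStepsInterval>3</maxTimeStepsInterval>
<maxInitialTimeStepDiff>600</maxInitialTimeStepDiff></OTPSettings>"""

if __name__ == "__main__":
    errs, vals = check_otp_settings(SAMPLE)
    print(errs, acceptance_window_seconds(vals), acceptance_window_seconds(vals, True))
```

With the sample values a code is accepted for 210 seconds in normal use, but for 36030 seconds (about ten hours) on a token's first use, so the first-use tolerance is the setting to review when tightening replay exposure.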



Operation   Status   Message
Configure OTP   200
Configure OTP   500


© Copyright 2019 Sophos Firewall Limited. All rights reserved.
Sophos Firewall is registered trademarks of Sophos Firewall Limited and Sophos Firewall Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.