A company wants to enforce MFA for VPN users but allow users to authenticate without MFA when connecting from the corporate office. Which authentication policy configuration achieves this?
Trap 1: Disable MFA in the global Authentication Profile
This disables MFA for all users, not just corporate office.
Trap 2: Create an authentication policy with source zone 'Corporate' set to…
This would require MFA even from corporate office, not desired.
Trap 3: Create an authentication policy with source zone 'Corporate' set to…
This would skip authentication entirely for corporate traffic, not just MFA.
- A
Disable MFA in the global Authentication Profile
Why wrong: This disables MFA for all users, not just corporate office.
- B
Create an authentication policy with source zone 'Corporate' set to 'require MFA'
Why wrong: This would require MFA even from corporate office, not desired.
- C
Create an authentication policy with source zone 'Corporate' set to 'allow' and authentication method 'no MFA'
This allows authentication without MFA from the corporate zone.
- D
Create an authentication policy with source zone 'Corporate' set to 'no-auth' and action 'allow'
Why wrong: This would skip authentication entirely for corporate traffic, not just MFA.