Sangfor 's SMS modem is a tool that can be connected to the IAG to send SMS messages. To send SMS messages this way, you must prepare a serial cable, a Sangfor SMS modem, and a SIM card.

Configuration Example: A customer has the 192.168.1.0/24 intranet segment, which is assigned using DHCP to its visitors. Its employees may also use the segment.

The customer requires that all the visitors using this network segment must be authenticated using SMS messages. Authenticated visitors are not added to the organization structure of the IAG, and the Internet access permissions of the Visitor group are assigned to the visitors. The employees using this network segment have usernames in the organization structure; therefore, they can be authenticated using passwords. After being authenticated, the employees can access the Internet based on the permissions corresponding to their usernames.

The configuration procedure is as follows:

Step 1.Install the SIM card in the SMS modem.

Step 2.Use the serial cable (male-to-female cable) delivered with the SMS modem to connect the SMS modem to the CONSOLE port on the rear of the IAG and fasten the connectors to make sure that the SMS modem, serial cable, and IAG are connected properly.

Step 3.Navigate to System > General > Advanced > Notification > SMS Notification and click Add to set SMS notification server:

Set Message Delivery Module to Use built-in SMS Module.

Set Gateway Type to an SMS modem type, a GSM modem, or a CDMA modem.

GSM Modem: It is installed with a GSM SIM card.

CDMA Modem: It is installed with a CDMA SIM card.

Set SMS Center to the SMS service number of the local SMS service provider. For example, the SMS service number of Shenzhen Mobile is 8613800755500.

Set COM Port to the serial port connected to the SMS modem. For example, the first serial port is COM0.

Set COM Baud Rate to the baud rate of the SMS modem, which is generally 11520. Click Test to send a test SMS message.

Click Test Validity to send a test message and check if it is sent successfully.

Enable the configured SMS platform in Navigate to Access Mgt > Authentication > Web Authentication > Auth Server > Add > SMS Based Authentication:

Step 4.Navigate to Access Mgt > Authentication > Web Authentication > Authentication Policy > Add and enable SMS authentication. Set IP address/MAC address. In this example, set 192.168.1.0/24.

In the Authentication Method, select Password based.

Set Authentication Server to Local Users and SMS Authentication.

Action: Users authenticated using SMS messages are not local users or domain users. Select the /Visitor/ group. Then, visitors authenticated using SMS messages can access the Internet based on the permissions assigned to the group.

Employees are authenticated using local accounts and access the Internet based on the permissions assigned to local users. They are not limited by the permissions assigned to the Visitor group.

The visitors authenticated using SMS messages are not added to the organization structure on the IAG. Therefore, do not select Add Non-Local/Domain Users to Group.

Step 5.Create local accounts for the employees. Navigate to Access Mgt > User Management > Local User and create local groups and accounts for authentication.

Step 6.When endpoint devices access the Internet through the IAG, they are redirected to the authentication page.

A visitor selects SMS Authentication, enters his/her mobile number, and clicks Obtain Verification Code. The SMS module sends a verification code to the mobile number. After receiving the code, the visitor enters the code and clicks Login for authentication.

See the following figure.

An employee selects Password Authentication, enters the username and password of a local account, and clicks Login for authentication. See the following figure.