SSL VPN with Active Directory OTP token generation uniq element to add.
Current firewall Active Directory integration and OTP autogeneration via user portal for SSL VPN don't use unique element. Enable this on one firewall is working. Enable the second firewall and Mobile auth app will override first by second as account name in OTP token is the same as to use email address attribute from AD eg. email@example.com. Local user on XG firewall will use user@firewallname. Propose resolution is to do OTP token account name firstname.lastname@example.org. That will make OTP token unique per firewall and you will be able to have AD authenitcation for SSL vpn with unique OTP tokens per 2 or more firewalls. Usecase - Independent Production datacenters management over SSL VPN with centralized AD auth.