SSL VPN + auhtpoing db-firebox

Hello,

I use my SSL vpn to connect in RDP, the authentication is therefore DB-firebox, in these days I am experimenting authpoint, that you know can I integrate my SSL VPN with auhtpoint while maintaining the DB-firebox?

Thank you

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Cristiano

    You can set up local users in AuthPoint (in the cloud.)
    There is no way to use the Firebox-DB users with AuthPoint.

    -James Carson
    WatchGuard Customer Support

  • i can't figure out how to connect with auhtpoint, on all the examples i see radius, we don't have radius for authentication, can we still use auhtpoint with our ssl vpn?

    Thanks

  • Start by reading this first:
    https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/firebox-ssl-vpn-radius_authpoint.html?TocPath=Self-Help Tools|AuthPoint|_____3

    If you don’t have on-prem AD users, you can add users locally to the AuthPoint Cloud.
    You don’t need to configure the External Identity in the AuthPoint Cloud.

    AuthPoint Gateway is the radius server for sslvpn when using AuthPoint MFA.
    AuthPoint GW is now only needed when running Fireware v12.6.x or lower and/or you haven’t connected the Firebox to the WatchGuard Cloud.

    If you are running v12.7 or higher firmware and have connected the Firebox device to the WatchGuard Cloud you don’t need to install the AuthPoint Gateway as v12.7 have a direct AuthPoint Integration.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Cristiano
    The SSLVPN connects to the AuthPoint Gateway (which you install on a server inside your network.) That acts as the RADIUS server, and if you ever decide to use LDAP/Active Directory, is the part that enables syncing your users to authpoint.

    -James Carson
    WatchGuard Customer Support

  • Ok, but from 12.7 it is no longer necessary or am I wrong?

  • could the attached documentation for the vpn and authpoint not be up to date?

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Cristiano
    The document Kimmo linked has an entire section dedicated to 12.7 firewalls. You can go clientless if you wish, but you won't have the AD sync portion as I mentioned before.

    I'd suggest reading the complete article, and if you have any other questions, contact support by using one of the options here:

    https://www.watchguard.com/wgrd-support/contact-support

    -James Carson
    WatchGuard Customer Support

  • I think I have solved it, maybe I had not read correctly. the mistake was that the SSL VPN group had to be named as the group I assigned to auhtpoint, in this case I had a capital to lowercase letter wrong !!

    Thank you all !!

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi Cristano

    Group names are always case sensitive on the firewall. This is the case for any authentication server type.

    -James Carson
    WatchGuard Customer Support

  • yeah, i knew, only i missed a capital letter, i guess i'm losing my sight ...

  • @Cristiano said:
    yeah, i knew, only i missed a capital letter, i guess i'm losing my sight ...

    Don't feel bad about that. I am losing my sight, my mind, and my hair!

    Gregg Hill

  • Ciao Gregg saluti dall'Italia !!!

Sign In to comment.