SSL VPN + AuthPoint db-firebox
Hello,
I use my SSL VPN to connect via RDP, so the authentication is DB-firebox. These days I am experimenting with AuthPoint. Do you know whether I can integrate my SSL VPN with AuthPoint while keeping the DB-firebox?
Thank you
Comments
Hi @Cristiano
You can set up local users in AuthPoint (in the cloud.)
There is no way to use the Firebox-DB users with AuthPoint.
-James Carson
WatchGuard Customer Support
I can't figure out how to connect with AuthPoint. In all the examples I see RADIUS, but we don't have RADIUS for authentication. Can we still use AuthPoint with our SSL VPN?
Thanks
Start by reading this first:
https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/firebox-ssl-vpn-radius_authpoint.html?TocPath=Self-Help Tools|AuthPoint|_____3
If you don’t have on-prem AD users, you can add users locally to the AuthPoint Cloud.
You don’t need to configure the External Identity in the AuthPoint Cloud.
AuthPoint Gateway is the RADIUS server for SSL VPN when using AuthPoint MFA.
AuthPoint GW is now only needed when running Fireware v12.6.x or lower and/or you haven’t connected the Firebox to the WatchGuard Cloud.
If you are running v12.7 or higher firmware and have connected the Firebox device to the WatchGuard Cloud, you don’t need to install the AuthPoint Gateway, as v12.7 has a direct AuthPoint integration.
Hi @Cristiano
The SSLVPN connects to the AuthPoint Gateway (which you install on a server inside your network). That acts as the RADIUS server and, if you ever decide to use LDAP/Active Directory, is the part that enables syncing your users to AuthPoint.
-James Carson
WatchGuard Customer Support
Ok, but from 12.7 it is no longer necessary or am I wrong?
Could the attached documentation for the VPN and AuthPoint not be up to date?
Hi @Cristiano
The document Kimmo linked has an entire section dedicated to 12.7 firewalls. You can go clientless if you wish, but you won't have the AD sync portion as I mentioned before.
I'd suggest reading the complete article, and if you have any other questions, contact support by using one of the options here:
https://www.watchguard.com/wgrd-support/contact-support
-James Carson
WatchGuard Customer Support
I think I have solved it; maybe I had not read correctly. The mistake was that the SSL VPN group had to be named the same as the group I assigned to AuthPoint. In this case I had a capital/lowercase letter wrong!!
Thank you all!!
Hi Cristiano
Group names are always case sensitive on the firewall. This is the case for any authentication server type.
-James Carson
WatchGuard Customer Support
Yeah, I knew, only I missed a capital letter. I guess I'm losing my sight ...
Don't feel bad about that. I am losing my sight, my mind, and my hair!
Gregg Hill
Hi Gregg, greetings from Italy!!!
I just used Firebox-DB\USERNAME and it worked even with AuthPoint as the primary server.