Using Radius SSO with a wireless access point and Firebox
Hi there, I've been stuck on a problem for a while now and I was wondering of any gurus out there could help me.
We currently have a M370 ver 12.6.2 installed that is using SSO with Active directory for clients with the Watchguard SSO Client installed on them.
We'd like to setup RADIUS SSO for the Wifi
The wireless controller currently authenticates using Radius with our AD credentials and uses PEAP to connect to the network, currently WiFi and Wired devices are on the same subnet and this won't change until around 3 months time. Currently our wireless devices use a catch all https proxy policy without any authentication on the watchguard. Judging by our config do you think it is possible to use RADIUS SSO to authenticate wireless users? And how?
Any help would be great, thanks in advance!
Comments
Hi @merry_go_round
If you're already using WPA2 enterprise, the hard part is mostly done. You'll basically just need to set up RADIUS accounting on your RADIUS server to send radius accounting messages to the firewall.
There's an overview here:
(About RADIUS Single Sign-On)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/rsso_about.html
With more detailed information here:
(Enable RADIUS Single Sign-On)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/rsso_enable.html
-James Carson
WatchGuard Customer Support
We're using PEAP as our authentication as that was the only way to be able to use our AD credentials for signing on to the WIFI, is it only possible with WPA2 then?
Thanks for the speed y answer too!
Hi @merry_go_round
WPA2 Enerprise is PEAP -- so you should be fine there.
The key to Radius SSO is setting the RADIUS server up to send RADIUS accounting methods to the firewall. You'll want to look at your docs for whatever RADIUS server you're using to see if/how to accomplish that.
-James Carson
WatchGuard Customer Support