Testing and Migration from Firebox-DB to AuthPoint

We are testing Authpoint and have 300+ users we need to migrate from the Firebox-DB to Authpoint. We want to convert users in groups until they are all done, then remove Firebox-DB. Basically have both functions working until we are complete.

Our SSL VPN currently has the Firebox-DB setup as the default and Authpoint as second. If I log in with my Authpoint credentials it fails and says user not in Firebox-DB. If I flip the default to Authpoint it logs in correctly with MFA. The Authpoint setup document says if you are testing do not make Authpoint the default. I have not been able to test successfully that way.

Is it possible to check the Firebox-DB and then if not found check Authpoint?

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @Hanes

    There isn't a way to hunt for a user across the authentication types, but you can specify what type of auth server you want to use when connecting. By default the firebox will use whatever is set as default.

    If you specify (for example) Firebox-DB\user then the firewall will ignore the default and use firebox-db.

    (Download, Install, and Connect the Mobile VPN with SSL Client)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_client-install_c.html#ConnectClient

    You can see the full list of examples here:
    Active Directory — ad1_example.com\j_smith

    Firebox-DB — Firebox-DB\j_smith

    AuthPoint (Fireware v12.7 or higher) — authpoint\jsmith

    RADIUS (Fireware v12.5 or higher) — rad1.example.com\j_smith or RADIUS\j_smith. You must type the domain name specified in the RADIUS settings on Firebox.

    RADIUS (Fireware v12.4.1 or lower) — RADIUS\j_smith. You must always type RADIUS.

    If your users are still using firebox-db, I'd suggest setting that as default, and typing in authpoint\user while you test. When you're ready to cut over, just change the default.

    -James Carson
    WatchGuard Customer Support
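The username-prefix behaviour James describes above, as an added Python example that is not code from WatchGuard or from this thread: it resolves a `server\user` login against a configured default and shows which login string a migrated user must type while Firebox-DB remains the default. The user directories, the server keys `firebox-db` and `authpoint`, and the helper names are constructed assumptions; the Fireware-version dependence of the `authpoint` prefix is ignored.

```python
# Added example (not from the WatchGuard thread or docs): models the
# 'server\user' login syntax for a staged Firebox-DB to AuthPoint migration.

# Constructed sample directories: which user names exist on which server.
FIREBOX_DB_USERS = {"j_smith", "m_jones"}
AUTHPOINT_USERS = {"jsmith", "a_lee"}          # j_smith was migrated as jsmith
SERVERS = {"firebox-db": FIREBOX_DB_USERS, "authpoint": AUTHPOINT_USERS}


def resolve_auth_server(login: str, default_server: str) -> tuple[str, str]:
    """Return (server, username). A 'server\\user' prefix overrides the
    Firebox default, as the thread describes; no prefix means the default."""
    if "\\" in login:
        server, user = login.split("\\", 1)
        return server.lower(), user
    return default_server.lower(), login


def check_login(login: str, default_server: str) -> str:
    """Simulate the Firebox choosing one server and looking the user up there."""
    server, user = resolve_auth_server(login, default_server)
    users = SERVERS.get(server)
    if users is None:
        return f"unknown server {server!r}"
    if user not in users:
        # This is the 'user not in Firebox-DB' failure from the original post.
        return f"user {user!r} not in {server}"
    return f"ok: {user} authenticated via {server}"


def migration_login_hints(batch, default_server="firebox-db"):
    """For each (old_name, new_name) pair in a migration batch, report what
    happens with a plain login versus an explicit authpoint\\ prefix."""
    hints = {}
    for old, new in batch:
        hints[old] = {
            "plain": check_login(new, default_server),
            "prefixed": check_login(f"authpoint\\{new}", default_server),
        }
    return hints


if __name__ == "__main__":
    for old, result in migration_login_hints([("j_smith", "jsmith")]).items():
        print(old, result)
```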

  • Update: I found the document I needed and it works
    To use another authentication server

    Type the authentication server name or domain name, and then type a backslash (\) followed by the user name. Example: <server.example.com>\.

    Active Directory — ad1_example.com\j_smith

    Firebox-DB — Firebox-DB\j_smith

    AuthPoint (Fireware v12.7 or higher) — authpoint\jsmith

    RADIUS (Fireware v12.5 or higher) — rad1.example.com\j_smith or RADIUS\j_smith. You must type the domain name specified in the RADIUS settings on Firebox.

    RADIUS (Fireware v12.4.1 or lower) — RADIUS\j_smith. You must always type RADIUS.
