Using AuthPoint with Radius

justanotheruser

I'm trying to implement AuthPoint using Radius as the authentication server. According to this doc: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/gateways.html, I can install the AuthPoint gateway onto an internal Windows server that will act as a Radius server. Does this mean I don't need to configure an actual Radius server in my network and I can just use the gateway to authenticate the Radius clients?

kimmo.pohjoisaho

Depends…

Do you have WG firewall? if yes, what version are you running?
Where do you need the MFA? ssl/ikev2 mobilevpn or something else…
Do you have on-prem AD?

justanotheruser

@kimmo.pohjoisaho I have a M570 and I want the MFA to run on Windows devices. I'm using the SSL client and I have on-prem AD.

kimmo.pohjoisaho

Okay, first I recommend that you upgrade your M570 to latest v12.7.2
https://software.watchguard.com/SoftwareDownloads?current=true&familyId=a2R2A000002aHhRUAU

To sync you’re AD users to AuthPoint Cloud you need to install the AuthPoint GW and configure LDAP connection.
https://www.watchguard.com/help/video-tutorials/MFA_Sync_Users/index.html
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/external-identity_ldap.html

If you didn’t upgrade your M570 device then you need to also use AuthPoint GW as radius for the authentication.

If you did upgrade your M570 to v12.7.2 then the Firebox has a direct connection to the AuthPoint Cloud, no need to for AuthPoint GW radius.
The Firebox needs to also be connected to the WatchGuard Cloud, Cloud Reporting with Local Management, needs Basic or Total Security license.
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/WG-Cloud/Devices/device_visibility_wg_cloud.html

https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/firebox-ssl-vpn-radius_authpoint.html
and choose:

• Fireware v12.7 or higher
• Fireware v12.6 or lower

.kimmo

justanotheruser

@kimmo.pohjoisaho If I don't upgrade the firebox can I install the AuthPoint Gateway client on the same internal server that is configured as the RADIUS server, or do they have to be configured on two separate servers?

kimmo.pohjoisaho

Yep, you can install the AuthPont Gateway on the same win server where you have Microsoft NPS radius server running. You just need to use a different radius port when configuring the radius in AuthPont GW, example 18121 Use this same port when configuring the AuthPoint radius in M570 device. Remember you need also java install on this win server, I recommend the AWS corretto java install.