WiFi for Active Directory Domain
Hi All,
Currently we use the AP325 model with the full security suite in our offices, and we have them up for a simple WiFi network in a DMZ so both clients and staff can use the network. This was always my default stance, to keep the WiFi away from the domain. There is a policy on the firewall (M740) that allows the WiFi VLAN access to the web.
However, times are a-changing, and as folk move back into the office I want to make it as easy as I can for them to work. At the moment they connect to the WiFi, then initiate a VPN connection to get access to servers etc. The VPN is protected by 2FA. I would like to open up the WiFi to the Domain, but obviously I'm in need of some advice regarding the security.
Has anybody done this in the past? Or would you never do this for a good reason?
I think I could do this by adding the users into the firewall policy for the WiFi - but I would need to keep this updated manually.
Can I link access to a WiFi SSID with 2FA? Azure or RADIUS?
I need a secure way to identify these are corporate devices/people and allow them to access the AD Domain from WiFi.
Any help, much appreciated.
Stuart
Comments
Hi @stuart_seed
If you're using WPA2/Enterprise, you can use RADIUS SSO to identify those users:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/rsso_about.html
You can set up 2FA for wireless, but in most circumstances that makes for a bad user experience. I'd suggest securing the laptops themselves with something like the AuthPoint logon app.
-James Carson
WatchGuard Customer Support
Thanks James, I will take a look at the RADIUS SSO.