AuthPont 2FA not working at least for SSL VPN today !?

Hello, since this morning I have three firewalls with SSL VPN and AuthPoint 2FA where the VPN users cannot login. I have a support request open, but no solution yet. It seems to be a major issue as the three firewalls have not much in common and I have been told that there are more tickets like mine. Apart from the resolution, I think an application like AuthPoint which is a single point of failure by design must be developed in a way that such long outages are avoided or circumvented !

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative
    edited August 10

    Hi @isol

    There appears to have been an outage in the European region which has since been resolved. The issue was isolated to push notifications, in this instance other forms of authentication (such as OTP or QR code) were operable during this time.

    You can read more at status.watchguard.com, click the European region tab.

    -James Carson
    WatchGuard Customer Support

  • @james.carson

    We also had the issue. But during the failure when connecting with sslvpn the pop-up to Press P or OTP did not even show.

    So no 2 factor option was available.

    /Robert
  • james.carsonjames.carson Moderator, WatchGuard Representative

    @[email protected] Noted, I'll pass that info on to the Authpoint team.

    -James Carson
    WatchGuard Customer Support

  • Yes, exactly, there was no possibility to login to the SSL VPN of the firewalls I operate for 3 different customers as a push request was sent out by the firewall, but it did not receive an answer from AP, so no popup Window where we could enter a TOTP code. QR codes are not an option for SSL VPN auth with a Firebox anyway.

    A side note: the description of the incident makes me wonder. It says "Event Findings: At approximately 06:20 UTC on August 10th, 2022, two core Authentication components began experiencing communication issues resulting in a slow degradation of service availability for the Firebox and Azure integrations. At 08:52 UTC, our on-call engineers were alerted to a potential issue in the Authentication Services, reporting that Push Notifications were failing in our European WGC region. They found it was affecting all authentications using our Firebox integration,(...) "

    I submitted a case describing this exact problem on several firewalls at 06:40 UTC, and phoned in immediately afterwards. The engineer confirmed on the phone that it seemed to be a major event as similar cases popped up in the queue. So how can it be that it takes until 08:52 UTC - more than two hours later - that the issue is picked up and worked on, affecting probably thousands of customers relying on the AuthPoint 2FA that they pay a lot of extra money for?

  • @james.carson

    I have a little correction. Some users where infact presented with the mfa boks when login with sslvpn (and never got a push message of cause), but others where not (including myself).

    /Robert

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @isol
    The status page is a quick summary of the issue as it's posted. If your support rep notified you that work was underway, then there likely was not a gap.

    If you'd like a full root cause analysis of the outage, please mention it in your support ticket and the rep assigned to that ticket can help get one prepared for you.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.