authentication to multiple firewalls when connecting to sslvpn

Hi all,
We have a frontend firewall protecting a DMZ, placed in front of a backend firewall protecting various VLANs.
The frontend firewall manages the internet connections and all the VPNs.
Users connecting with MUVPNssl (integrated with local AD) need to access some resources protected by the backend firewall.
I'm looking for a suitable way to automatically authenticate the users that connect to the frontend via sslvpn to the backend firewall.
All Fireboxes run Fireware 12.8.2.
Any idea?
Thanks

Answers

  • james.carson Moderator, WatchGuard Representative
    edited November 2022

    Hi @g.bonvecchio@basenet.it

    The firewall uses the VPN login as the authentication on the firewall it logs into. Any attempts to reach the client from the other firewall will get dropped on the firewall that they are VPNed via, because the SSLVPN rule only allows traffic from the client outbound.

    You can use the port 4100 authentication page (https://IP Of firewall:4100) if your WatchGuard Authentication policy (for port 4100) allows traffic via whatever interface the VPN traffic is coming in via. This is a manual process, and the user has to go to that page.

    -James Carson
    WatchGuard Customer Support
