i use Authentication Portal with Active Directory authentication. User going to https://external_ip:4100 and type username and password about Active Directory.
Possible add AuthPoint with "push, otl, etc" in this fase ?
It's possible to do this -- you'd need to set the firebox up as a RADIUS resource and have the authentication go via the AuthPoint gateway's RADIUS server.
The firebox would work off the AuthPoint group, so making the policy from line the AuthPoint group you expect to see would be the best way to make policies for this.
WatchGuard Customer Support
done, test gw works, I created group in AD with name "accessMFA" with 4 users, as a test, with "advanced query" executing "memberOf=CN=ACCESSMFA,CN=Users,DC=domain,DC=it" returns only 1 out of 3 users. Why, how do I find out the difference between users?
Without seeing your AD setup it's difficult to answer that -- I'd suggest using a tool like ADExplorer which can help build/test queries: