About SSO

Probably a little beyond my pay grade, but we are looking at solutions to force authentication for mobile VPN users. Currently have ~30 Branch Office VPN sites and those are fine. Want to be able to bring the mobile VPN users automatically into the fold for management and security. Firebox M470 in the central office and BOVPN are mostly T15. Wanted to see if anyone has suggestions and/or could point us in the right direction to documentation or quick-start info.

Answers

    You could set up a VLAN or a specific firewall interface for the connection of your APs.
    Then set up policies From: the VLAN or subnet To: Any-external or whatever is appropriate
    1) add an HTTPS policy To: Firebox - this will allow the wireless users to authenticate to the firewall using the auth applet to the firewall using HTTPS on port 4100
    2) only for authenticated users - such as HTTP, HTTPS, DNS, etc. depending on your needs
    3) have an Any policy set to denied - make sure that it ends up below the above added policies.

    Unauthenticated wireless users will be denied by 3)

    If you have a local Exchange server, and your wireless users access it, they could be automatically authenticated using the SSO Exchange Monitor.
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/sso_exchange_monitor_configure.html
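
The policy layout described in the answer above, as an added example that is not part of the original post and is not Firebox configuration syntax: a simplified first-match model showing what each kind of wireless client hits, plus a check that the catch-all deny sits below the allow policies. The policy names, the 10.0.50.0/24 subnet and the packet fields are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

WIFI = ip_network("10.0.50.0/24")  # assumed subnet of the AP VLAN (constructed)

# Ordered top to bottom, following steps 1) to 3); names are hypothetical.
POLICIES = [
    {"name": "Auth-Portal", "to": "firebox", "ports": {4100}, "auth": False, "action": "allow"},
    {"name": "Wifi-Out", "to": "external", "ports": {53, 80, 443}, "auth": True, "action": "allow"},
    {"name": "Wifi-Deny-Any", "to": "any", "ports": None, "auth": False, "action": "deny"},
]

def evaluate(policies, src, dst_zone, port, authenticated):
    """Return (policy name, action) of the first policy that matches."""
    if ip_address(src) not in WIFI:
        return ("not-in-scope", "n/a")
    for p in policies:
        if p["to"] not in ("any", dst_zone):
            continue
        if p["ports"] is not None and port not in p["ports"]:
            continue
        if p["auth"] and not authenticated:
            continue  # this policy applies only to authenticated users
        return (p["name"], p["action"])
    return ("implicit", "deny")

def lint_order(policies):
    """List allow policies placed below a catch-all deny (they never match)."""
    problems, seen_deny_any = [], False
    for p in policies:
        if p["action"] == "deny" and p["to"] == "any" and p["ports"] is None:
            seen_deny_any = True
        elif seen_deny_any and p["action"] == "allow":
            problems.append(p["name"])
    return problems

if __name__ == "__main__":
    # Unauthenticated client browsing out: falls through to the deny policy.
    print(evaluate(POLICIES, "10.0.50.7", "external", 443, False))
    # Same client after authenticating on port 4100: allowed.
    print(evaluate(POLICIES, "10.0.50.7", "external", 443, True))
    # Deny moved to the top: both allow policies are shadowed.
    print(lint_order([POLICIES[2], POLICIES[0], POLICIES[1]]))
```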
