Disable portal authentication on internet
Hello,
We use AD authentification for vpn ssl users and radius authentification for local users.
We don't want to continue to expose watchguard on externat ip adresses with https://externals_ip:4100.
Is it possible to disable portal authentification publication on internet ?
Regards
0
Sign In to comment.
Answers
Make sure that Any-external is not on the To: field of the WatchGuard Authentication policy.
Also note that you can turn off the SSLVPN downloads page which allows download of the SSLVPN client from external, using the CLI.
That access should be on your SSLVPN connection port, which is 443 in the default setup.
See the "Software Downloads Page Hosted by the Firebox" section, here:
Plan Your Mobile VPN with SSL Configuration
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/configure_fb_for_mpvpn_ssl_c_before.html
In addition to what Bruce said, external access is not included in the portal auth page by default. If it is there, someone may have added it.
-James Carson
WatchGuard Customer Support
Hello, thanks to you, I never modify the WatchGuard Authentication policy and no Any-external in the TO.
I will turn off the SSLVPN downloads page for vpn ssl clients. I think I had activated some years ago and it's stayed like this.