Options

Disable portal authentication on internet

REMYFREMYF
in Firebox - Authentication

Hello,
We use AD authentification for vpn ssl users and radius authentification for local users.
We don't want to continue to expose watchguard on externat ip adresses with https://externals_ip:4100.
Is it possible to disable portal authentification publication on internet ?
Regards

Answers

  • Options
    Bruce_BriggsBruce_Briggs

    Make sure that Any-external is not on the To: field of the WatchGuard Authentication policy.

    Also note that you can turn off the SSLVPN downloads page which allows download of the SSLVPN client from external, using the CLI.
    That access should be on your SSLVPN connection port, which is 443 in the default setup.

    See the "Software Downloads Page Hosted by the Firebox" section, here:
    Plan Your Mobile VPN with SSL Configuration
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/configure_fb_for_mpvpn_ssl_c_before.html

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    In addition to what Bruce said, external access is not included in the portal auth page by default. If it is there, someone may have added it.

    -James Carson
    WatchGuard Customer Support

  • Options
    REMYFREMYF

    Hello, thanks to you, I never modify the WatchGuard Authentication policy and no Any-external in the TO.
    I will turn off the SSLVPN downloads page for vpn ssl clients. I think I had activated some years ago and it's stayed like this.

Sign In to comment.