Options

VPN SSL with Azure/Entra + MFA it's possible ?

Anth0xAnth0x
edited February 1 in Technical Discussion

Hello There !

I followed this documentation and it works perfectly: https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/General/Azure-firebox-ssl-vpn-active_directory.html

BUT now I want to apply the MFA before authentication, like Authpoint but Azure version, so basically I want that when I connect to the vpn I have the push authenticator (or third party token OTP) but I don't have the impression that this is possible since it's AD DS?

Comments

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Anth0x
    Windows doesn't support using the SSLVPN for this, but it does support pre-login for the IKEv2 VPN, since that client is built into windows.

    See:
    https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000bopASAQ

    -James Carson
    WatchGuard Customer Support

  • Options
    Anth0xAnth0x

    Hi @james.carson

    Thanks for your quick reply ! I need to use SSL because I have devs who are on Linux (Ubuntu, Debian, Fedora, Redhat) and MacOS and the ikev2 mobile vpn doesn't work very well.

    I use the openvpn official client because the watchguard client isn't stable and doesn't work on Linux anyway.

    So in my case, the best solution would be to use AuthPoint (or a competitor, for example Fortigate handles it very well, there's even an enterprise azure application dedicated to it).

Sign In to comment.