Do I need a RADIUS server?

Hi all,

I'm looking to venture into AuthPoint for my Mobile VPN with SSL users. I need to understand the requirement for a RADIUS server to be included in my current setup.

Model: FireboxV Medium
Version: 12.10.3.B694994

I am currently using AD/LDAP to authenticate my Mobile VPN with SSL users. I have my Firebox connected to the WatchGuard Cloud, but I manage the config locally.

I've read through the online guides, but I'm a little unsure as to whether I need to include a RADIUS agent/server to connect the AuthPoint setup in the cloud with my Firebox/AD. As my Firebox already talks to my AD, I'm hoping I don't need it.

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @ChrisSnape

    For SSLVPN on 12.10.x, you can set up the SSLVPN to use RADIUS or a built-in AuthPoint connector.

    You need a RADIUS server if you are using RADIUS to authenticate. This is usually Windows NPS, which is what actually verifies the user's password since AuthPoint can't do that itself for a Windows domain. The hashed password that is included with the RADIUS traffic is forwarded directly to the Windows NPS server to verify.

    You do not need a RADIUS server if you are using the built-in AuthPoint connector. AuthPoint will use the AuthPoint Gateway to verify the user's password with Active Directory.

    If you are using SSLVPN, I would suggest using the built-in AuthPoint connector. It'll allow you to offer several authentication methods (such as push or OTP) that are selectable by the user if you enable them, whereas RADIUS only allows you to offer one option.

    If you would prefer to not connect your Firebox to the cloud (the Firebox can be connected to WatchGuard Cloud even if it is locally managed), you'll want to choose the RADIUS option, as the built-in AuthPoint connector uses that cloud connection to communicate with AuthPoint.

    -James Carson
    WatchGuard Customer Support

  • Thanks James,

    My ideal setup was to use the Firebox for the AuthPoint gateway, and then let the Firebox be the link between my Active Directory and the AuthPoint licences in the cloud.

    So, based on your post, the Firebox in question can 'be' an AuthPoint gateway, as it has the required firmware.

    I thought that was the case, but wanted to double check.
