IPsec Mobile VPN setup with Microsoft MFA
I am trying to get MFA setup on the Mobile VPN client using IPsec.The firewall is setup at a datacenter with domain controllers which I currently have working to authenticate using active directory. There will be a S2S tunnel setup to our Azure Environment.
If possible I would like to use Microsoft MFA but I can't seem to find good instructions on what I need to do to get that working.
0
Sign In to comment.
Comments
Hi @jfaz11
If you're using the IPSec VPN, setup will be about the same as AuthPoint (as in you'll need to use RADIUS to do this.
See:
(Firebox Mobile VPN with IPSec Integration with AuthPoint)
https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/firebox-ipsec-vpn-radius_authpoint.html
The RADIUS server you point to will need to reply with the group the VPN is looking for as RADIUS attribute 11 (also known as FilterID) -- the group name is whatever the profile name is that you made in the IPSec setup.
-James Carson
WatchGuard Customer Support