Issues with Mobile VPN with SSL and Entra ID SAML
Hi all,
I recently had to disable SAML authentication completely on my company's WatchGuard, because the reply URL given by my Firebox does not correspond with the system's expected reply URL.
Has anybody else experienced this phenomenon? Any tips or tricks I might not be aware of? Authentication through Entra works fine, right up until the Firebox receives the reply. According to the AIs, it's related to SAML for Firebox authentication and Mobile VPN authentication being split on some models but not all, but as I can't find definite sources on that it's difficult to tell whether that's AI hallucination or not.
I've been cursing the Mobile VPN client versions 12.11.3 and 12.11.4 for a while now, thought the issues finally got fixed with 12.11.5, but in combination with FireOS 12.11.6 it's proven an unreliable mess. (Tried creating a ticket, but that form also jammed when I clicked send.)
Comments
Hi @Ona
I'm sorry the ticketing system isn't working when you try to submit your case.
The Firebox does support SAML across multiple locations. If you need a different reply to your request, it may be helpful to create another SAML profile and configure that one to provide the response you need.
If you'd like to work with support, here are a few ways we can help:
Phone:
You can call the number closest to you here:
(Support by Phone)
https://www.watchguard.com/wgrd-support/support-by-phone/all
Existing case:
If you have an existing support case from an old issue, you can reply to that case and let the technician know you need help creating a new case.
Forums:
If you can reply with an existing case number or the serial number of your firewall, I can request that our support team create a case for you and reach out. I'd only need an old case number. Please do not reply with any personal information on the forums here.
Thank you,
-James Carson
WatchGuard Customer Support