Im trying to setup MFA for firewall's admin interface
I was told that WG supported it and Ive convinced my customer to purchase Authpoint. Ive been through all the support documents, cant seem to make 2FA work for firewall's admin interface.
I'm not aware of this ability but it would certainly be appreciated! You can use an IP Whitelist as a additional factor however.
The only way to make this work currently, would be via RADIUS via push notification, and have users set up in Authpoint. I'd caution against doing it this way, as WatchGuard System Manager specifically creates a few log-ins to get into policy manager -- you'd have to accept every single one of those.
There is a feature request open to natively support the built-in FireboxDB users in a future version, but that hasn't yet been released.
If you're running into a snag setting up RADIUS to do this, I'd suggest opening a case using the support center link at the top right of the page, so that one of our technicians can assist.
WatchGuard Customer Support
The issue is resolved. Authpoint can be setup to work with the Firebox web UI. I was missing a setting or 2. Nick M from Watchguard jumped in with his cape to save the day. HUGE Kudos to Nick.
The issues I had were that the Radius gateway install and link process preconfigured the IP address of itself, in the Watchguard cloud as the EXTERNAL IP address under the "RADIUS client trusted IP or FQDN" under resources, and it needs to be the INTERNAL IP of the default gateway in the WG cloud settings.
I did also have to go into the Web UI under System/users and roles and add the user that matched the Radius user.
Also I mistyped the IP of the Radius gateway in the Firebox web UI under authentication/servers/radius. OOPS
Once those issues were corrected the push notifications work fine and I've been able to add 2FA to the WG Web UI.
THANKS TO ALL FOR THE HELP !!