Mobile SSL VPN + NPS w/ Azure Extension + Azure MFA

Hi Guys,

Just wondering if anyone has gotten this combination to work as of yet - My users currently use Mobile SSL VPN against NPS servers. We also have modern authentication enabled along with MFA on our Azure tenant.

I'd love to have MFA functionality when a user connects using the SSL client. From what I understand, all I really need to do is install the Azure extension on the NPS server, and everything else seems to be configured, but I just can't seem to get a successful connection. During authentication, the second factor is triggered on the users' devices, but after completing the sign in, the connection fails.

Any input would be greatly appreciated!

Fl.

Comments

  • James_Carson WatchGuard Representative

    Hi @Flocons

    I'd suggest opening a support case. So long as the Firebox gets a RADIUS access-accept with the correct group (via FilterID or RADIUS attribute 11) then it should work.

    If you'd prefer to do it yourself, running Wireshark with the filter "udp.port==1812" on the RADIUS server (or replace that port with the alternate port you're using) should allow you to see the access-accept. Is Attribute 11 defined? If not, you'll need to configure this on the server.

    My guess would be that the group is not coming across, which would make everything seem like it was working, but the user would not be able to access anything. In the firewall logs, you'd likely see red deny logs that say "unhandled MUVPN packet."

    -James Carson
    WatchGuard Customer Support
