AuthPoint MFA for WatchGuard System Manager and Policy Manager

MFA for firewalls, routers, and switches is going to be a requirement for our company in the near future. We're currently using AuthPoint for mobile VPN.

Is there a way to use AuthPoint MFA with WSM and Policy Manager? I see documentation to configure AuthPoint with WebUI, but I'm not finding anything that specifically mentions WSM or Policy Manager. I saw an old post in this community where James Carson mentioned that AuthPoint support for the FireboxDB was a current open feature request back in 2019. Any update on that would be appreciated.

https://community.watchguard.com/watchguard-community/discussion/534/firewalls-admin-interface-via-mfa

I've been a WSM user for almost 20 years and rarely use WebUI. Maybe it's time to start using WebUI? Is WebUI the future for WatchGuard administration or is WSM here to stay as well?

Comments

  • The new cloud managed firewalls may be the future direction. Totally new concept in how one sets up rule processing.

    As there are features in WSM that are not in the Web UI, one hopes that WSM will still exist for a long time. Still my strong preference too.

  • james.carson Moderator, WatchGuard Representative

    @keysd @Bruce_Briggs
    Work is being done on this. In its current state WSM (in particular Firebox System Manager) does several authentication attempts whenever you do something (which in turn causes several push notifications to go to your phone). Basically any time you see the grayed out password prompts, there's an authentication happening in the background.

    It is possible to do this via a RADIUS server for WebUI, but will cause the aforementioned behavior if you attempt to log in with WSM via RADIUS with it enabled.

    -James Carson
    WatchGuard Customer Support

  • What about the state of this? With NIS2.0 coming in Europe in October, I do not think that it is feasible to say "Well we have 2FA on the GUI, but not on the WSM". Unless you somehow completely disable the WSM way to do things. You will soon get many requests for complete 2FA coverage for the Fireboxes located in Europe...

  • edited September 2

    Just to add - this is 100% coming. My insurance company is now forcing MFA for all network equipment on the network (including network switches which have a GUI - you must enable MFA or remove from the network). I used to be able to place these appliances in an "admin" VLAN, but from next year this will no longer be an option to have cyber / business insurance coverage. Rules state that all equipment which is accessed via a GUI / management program must have MFA / 2FA.
