Authpoint Radius Microsoft Remote Desktop Gateway NPS

Hi,

Does anyone have experience getting authpoint radius authentication combined with Microsoft Remote Desktop gateway working?

Regards,

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @Merijn
    The RD Gateway has a special AuthPoint agent -- I'd suggest looking at the documentation here:

    (About the AuthPoint Agent for RD Web)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/resources_rd-web.html

    -James Carson
    WatchGuard Customer Support

  • Hi James,

    Thanks for your response. Unfortunately this covers only RD Web. We need to cover RD Gateway with MFA.

  • Ralph WatchGuard Representative

    Hello Merijn,

    You protect the host with MFA. See https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/logon-app_about.html

    "...To protect the RD Gateway server itself, you install the Logon app on the server. To protect the hosts behind the RD Gateway, you install the Logon app on the hosts....."

  • I want to implement MFA for anyone using the gateway to connect to a multitude of hosts. Does installing AuthPoint on the gateway achieve this?
  • james.carson Moderator, WatchGuard Representative

    Hi @MarkW
    The gateway can reach out for as many RADIUS resources as you want, and can sync to the LDAP/ADFS hosts you have configured. SAML requests come directly from WatchGuard Cloud.

    -James Carson
    WatchGuard Customer Support

  • I think MARKW was me from last year. I'm not sure I understand @james.carson's response though. Can someone tell me how I configure a Microsoft RD Gateway and/or Authpoint in order to use Authpoint MFA when connecting to any other host via said RD Gateway? Can Authpoint only protect it at the host (i.e. do I have to install Authpoint on any potential host, which is not what I want to do? I want to protect any external connection using the RD Gateway).

    Many thanks.

  • james.carson Moderator, WatchGuard Representative

    @MEW

    The RDWeb agent only protects accessing the RDWeb server. If the users can potentially access the systems any other way, we generally recommend putting the logon app on the machine/virtual machine itself to protect it.

    Under most circumstances that I run into in the wild, RDWeb is just dishing out RDP connections which the users can initiate again if they've downloaded the file instead of just opening it. Because of that, I'd suggest using the logon app on the machines too.

    -James Carson
    WatchGuard Customer Support

  • Hi @james.carson
    Thanks for the response. It's RD Gateway that I'm referring to though, not RDWeb.

    I think, from what I can glean, that Authpoint cannot provide MFA to clients connecting to a variety of hosts through the gateway unless Authpoint is installed on any of these hosts that they may access - i.e. you cannot perform the MFA authentication at the gateway, before even getting to the host(s)?
