Mobile VPN with SSL ver 12.11.5 not asking for MFA anymore

ANADIANANADIAN
in Firebox - VPN Mobile User

We updated the Mobile VPN with SSL client from v12.11.2 to v12.11.5. After the update, users can establish a VPN connection using only a username and password. With v12.11.2, MFA was also required. No changes were made on the Firebox.

Answers

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @ANADIAN

    I'd suggest opening a support case. You can do so via the support center link at the top right of this page. Logs may help diagnose the issue, but please do not share authentication logs here; instead, create a support case and share them there.

    The firebox itself doesn't generate the MFA, the authentication server that the firebox is authenticating against does this. If your users are suddenly able to authenticate to the same server without MFA, something has likely changed on that server.

    We'll need more information, such as how MFA is configured:
    -Are you using AuthPoint, RADIUS, or SAML?
    -Were any changes made in your MFA configuration?

    -James Carson
    WatchGuard Customer Support

  • ANADIANANADIAN

    Hi James,
    thanks for your commnet.
    We are using SAML.
    Regards

  • wouterVEwouterVE

    I'm experiencing the same issue since 16/12.
    This is my environment:

    • Firebox os: 12.11.4
    • SSL VPN client: 12.11.2
    • SAML with M365

    Behaviour: a blank pop-up of webview comes up & dissapears after a while. No possibility to enter M365 credentials & vpn remains on status disconnected.

    On some pc's i got an error message when the pop-up appears, something like 'Cannot access C:\Users\\AppData\Local\WatchGuard\WebView2Runtime'

    with the account used to install the vpn client instead of the currently logged in user

    FYI: The last windows update installed this week is KB5072033

    Next step I took was installing the latest update for SSL VPN client to 12.11.5 which seems to run better, i.e. it shows the popup but upon logging in the popup don't close automatically and if closed manually nothing happens. Only after clicking with the right mouse button & selecting refresh the client starts the connection with the firebox.

    I've tried to uninstall the update KB5072033 to see if iet made any difference, but I ran onto a windows error so I'll leave that path behind.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    @ANADIAN
    Please ensure that you have also updated your users' SSL VPN client to version 12.11.5. There is a fix for SAML-based authentication in that version.

    -James Carson
    WatchGuard Customer Support

  • ks01ks01

    This is working for me, the firewall and Mobile VPN client are both on version 12.11.5, passwordless saml also works.

Sign In to comment.