SSL Mobile VPN with Azure MFA

Hi,

  1. Is it possible to use SSL Mobile VPN with Azure MFA instead of WatchGuard MFA?
  2. Is it possible to use Mobile VPN with WatchGuard MFA without Microsoft RADIUS?

Answers

  • Hi Ronnie,

    Did you get it working?
    We are using on-prem Azure MFA and would love to use it with a WatchGuard SSL mobile.
    AuthPoint is almost 3x as much as Azure... so sadly that isn't an option.

    1. Probably. For port 4100 authentication and SSLVPN, I use Duo Security (free up to 10 users), but it requires RADIUS. I recently set up WatchGuard AuthPoint and it works without RADIUS for port 4100 authentication and SSLVPN, BUT it requires RADIUS for use with IKEv2 Mobile VPN.

    2. Yes, it is possible to use WatchGuard AuthPoint MFA without Microsoft RADIUS, but only for port 4100 authentication and SSLVPN. AuthPoint requires RADIUS for use with IKEv2 Mobile VPN.

    Gregg Hill

  • @JordanZielin,

    Do you know if Azure MFA supports WatchGuard's IKEv2 VPN? I cannot get Duo Security to work with IKEv2 VPN, but it does work with SSLVPN.

    Gregg

    Gregg Hill

  • Part of our issue is that we are using on-prem Azure MFA. We do not connect to Azure nor use Azure AD. (Well... Azure is what sends the end notice to the end users, but only the notice.)
    We use it for the RDS servers and web users.
    It uses NPS for the RDS gateway, and natively supports IIS (with a client installed on the server).

    I think I'd know how to get NPS to talk to cloud Azure AD... but getting WatchGuard -> NPS (which does work) -> on-prem Azure MFA doesn't work.

    Getting WatchGuard to directly talk to the on-prem MFA might work, but on the MFA RADIUS "server" I can't find where I'd set a Filter-Id so it could respond to the WatchGuard request.

    Sadly, like with MS as a whole, everything is pointing to their cloud stuff and not the on-prem.
    (I'm losing the battle to stay away from cloud infrastructure.)

  • "(I'm losing the battle to stay away from cloud infrastructure.)"

    Yes, aren't we all?

    Thank you for the updated information.

    Gregg Hill

  • @Greggmh123 said:
    1. Probably. For port 4100 authentication and SSLVPN, I use Duo Security (free up to 10 users), but it requires RADIUS. I recently set up WatchGuard AuthPoint and it works without RADIUS for port 4100 authentication and SSLVPN, BUT it requires RADIUS for use with IKEv2 Mobile VPN.

    2. Yes, it is possible to use WatchGuard AuthPoint MFA without Microsoft RADIUS, but only for port 4100 authentication and SSLVPN. AuthPoint requires RADIUS for use with IKEv2 Mobile VPN.

    Hi Gregg

    I also read that SSLVPN and WatchGuard MFA without RADIUS should be possible, but found no way.
    How did you do that?
    Is there documentation available for this?

    Regards

    Markus

  • Markus,

    The AuthPoint Gateway has to be installed and it has its own RADIUS in it that works for port 4100 authentication and SSLVPN. It ties into your AD via LDAP.

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/authpoint_deployment-guide.html

    Gregg Hill
