So long as Azure MFA supports RADIUS and passes the SSLVPN group (SSLVPN-Users) as Radius attribute 11, it should work with no issue.
WatchGuard's MFA solution (AuthPoint) has a RADIUS server built into it's gateway software. This can be used with the SSLVPN.
WatchGuard Customer Support
Did you get it working?
We are using on prem azure MFA and would love to use it with a WatchGuard SSL mobile.
AuthPoint is almost x3 as much as azure... so sadly that isn't an option.
Probably. For port 4100 authentication and SSLVPN, I use Duo Security (free up to 10 users), but it requires RADIUS. I recently set up WatchGuard AuthPoint and it works without RADIUS for port 4100 authentication and SSLVPN, BUT it requires RADIUS for use with IKEv2 Mobile VPN.
Yes, it is possible to use WatchGuard AuthPoint MFA without Microsoft RADIUS, but only for port 4100 authentication and SSLVPN. AuthPoint requires RADIUS for use with IKEv2 Mobile VPN.
Do you know if Azure MFA supports WatchGuard's IKEv2 VPN? I cannot get Duo Security to work with IKEv2 VPN, but it does work with SSLVPN.
Part of our issue with we using on-perm Azure MFA. We do not connect to Azure nor use azure AD. (well.. azure is what sends the end notice to the end users, but only the notice.)
We use it for the RDS servers and web users.
It uses NPS for the RDS gateway, and naively supports IIS (with a client installed on the server.)
I think i'd know how to get NPS to talk to cloud azure AD.. but getting watchguard -> NPS (which does work) -> on perm azure mfa doesn't work.
getting watchguard to directly talk to the on-prem MFA might work, but on the MFA Radius "server" i can't find where i'd set a filter-id so it could respond to the watchguard request.
Sadly, like with MS as a whole, everything is pointing to their cloud stuff and not the on perm.
(i'm losing the battle to stay away from cloud infrastructure.)
"(i'm losing the battle to stay away from cloud infrastructure.)"
Yes, aren't we all?
Thank you for the updated information.