SSLVPN login domain for Authpoint

I've got SSLVPN set up on an M270 (v12.7) and now am trying to test Authpoint as an MFA solution.

I've followed the steps outlined in the configuration article with Authpoint cloud connection. I've set up the Resource. There is Authpoint Group named TestUsers.
The users list contains one LDAP user synced from the AD with a group sync between an AD Test group and the Authpoint group TestUsers
I've created an Authentication policy called Test Policy which has the Authpoint group TestUsers and the resource for the Firebox, with the PW,Push and OTP options selected.

Since this is a production environment, Authpoint is not the default Auth Server in the SSLVPN configuration, but is enabled. I have created a group in the SSLVPN configuration called TestUsers with a type of Authpoint and checked its box in the Users/Groups list.

When trying to test with either the Watchguard or the OpenVPN clients, I have tried the syntax AuthPoint/username and cannot make a connection.

Help!! What am I missing??

Thanks,
Paul

Answers

  • On my Fireboxes, "AuthPoint" got changed to "AuthPoint.1" automatically. I recommend trying "AuthPoint.1\Username". Note that it is a backslash and you showed trying a forward slash.

    Gregg Hill

  • P.S. I am using RADIUS with "SSLVPN-Users" as my group name to match the Firebox name.

    Gregg Hill

  • edited June 2021

    Yeah, I like the new integration perfectly... I just wish they would have named the AuthPoint integration server "AuthPoint-MFA" or maybe just state "You can't use integration with AuthPoint until you rename your RADIUS server"

    Or heck, renaming our Radius servers to "AuthPoint.Radius" would save us some time from doing it ourselves! haha....
    _
    ... or possibly when they did the original certification they should of warned us to not use AuthPoint as the name as our RADIUS setups! lol_

  • @GameGeek1266 said:
    Yeah, I like the new integration perfectly... I just wish they would have named the AuthPoint integration server "AuthPoint-MFA" or maybe just state "You can't use integration with AuthPoint until you rename your RADIUS server"

    Or heck, renaming our Radius servers to "AuthPoint.Radius" would save us some time from doing it ourselves! haha....
    _
    ... or possibly when they did the original certification they should of warned us to not use AuthPoint as the name as our RADIUS setups! lol_

    I despise the "AuthPoint.1" naming.

    Gregg Hill

Sign In to comment.