Firebox Cloud Mobile VPN with IKEv2 Integration with AuthPoint for Azure Active Directory Users

Deployment Overview

This document describes how to set up AuthPoint multi-factor authentication (MFA) for Azure Active Directory users that use Mobile VPN with IKEv2. This integration guide is specific to Firebox Cloud.

Your WatchGuard Firebox Cloud must already be configured and deployed before you set up MFA with AuthPoint. For detailed steps on how to deploy WatchGuard Firebox Cloud on Azure, see Deploy Firebox Cloud on Microsoft Azure.

Integration Summary

The hardware and software used in this guide include:

  • Firebox Cloud with Fireware v12.7.1
  • Firebox Cloud with Fireware v12.7
  • AuthPoint Gateway v6.1 or higher
  • Windows Server 2019 with Microsoft Network Policy Server (NPS)

Before You Begin

Before you begin these procedures, make sure that:

  • You have an Azure Active Directory global administrator account within the Azure Active Directory tenant.
  • You have an active Azure subscription.
  • You have installed and configured Azure Active Directory Domain Services.
  • The NPS has joined the Azure AD Domain Services managed domain.
  • You have installed Network Policy and Access Services, which includes Network Policy Server (NPS).
  • You have a WatchGuard Firebox Cloud deployed on Azure (see Deploy Firebox Cloud on Microsoft Azure).
  • If you have Fireware v12.7 or lower, you must install and configure v6.1.0 or higher of the AuthPoint Gateway on Azure (see About Gateways).
  • A token is assigned to a user in AuthPoint.

Additional charges might apply for the use of Microsoft Azure. To learn more about Microsoft Azure, go to What is Microsoft Entra Domain Services.

Configure AuthPoint MFA for Firebox Cloud Mobile VPN with IKEv2

The steps to configure AuthPoint and your Firebox Cloud are different based on the version of Fireware that you have. With Fireware v12.7.1 or higher, you can use the AuthPoint authentication server on your Firebox Cloud to make configuration easier, and you do not have to install the AuthPoint Gateway.