Firebox Mobile VPN with SSL Integration with AuthPoint

Deployment Overview

This document describes how to set up multi-factor authentication (MFA) for Mobile VPN with SSL with local users, LDAP and Active Directory users, and Azure Active Directory users. Your WatchGuard Firebox must already be configured and deployed before you set up MFA with AuthPoint.

For RADIUS authentication, users can authenticate with a push notification or a one-time password (OTP). You choose which authentication method users can use when you configure the authentication policy in AuthPoint. The steps in this integration guide are for both authentication methods.

If you enable the push and OTP authentication methods for an authentication policy, RADIUS client resources associated with that policy will use push notifications to authenticate users. For Firebox resources, users can choose which authentication method to use.

This integration was tested with Fireware v12.7.2.

Your Firebox must run Fireware v12.7.2 or higher to authenticate Azure Active Directory users with the AuthPoint authentication server on the Firebox.

Integration Summary

The hardware and software used in this guide include:

WatchGuard Firebox Authentication Data Flow with AuthPoint

AuthPoint communicates with various cloud-based services and service providers with the RADIUS protocol. This diagram shows the data flow of an MFA transaction for a WatchGuard Firebox.

With Fireware v12.7.2 or higher, the AuthPoint Gateway is only required to sync LDAP users and groups to AuthPoint. The Gateway is not used for user authentication.

Diagram of the integration components

Before You Begin

Before you begin these procedures, make sure that:

  • A token is assigned to a user in AuthPoint
  • If you have Fireware v12.7.1 or lower, we recommend that you have installed and configured the AuthPoint Gateway (see About Gateways)

Configure AuthPoint MFA for Firebox Mobile VPN with SSL

The steps to configure AuthPoint and your Firebox are different based on how you manage your Firebox and the version of Fireware that you have.