
CensorNet MFA SMS PASSCODE with Firebox Integration Guide

Deployment Overview

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

This integration guide describes how to configure the Firebox and CensorNet MFA SMS PASSCODE.

In our integration, SMS PASSCODE and Network Policy Server (NPS) are installed on one Windows Server. NPS is the Microsoft implementation of RADIUS.

Integration Summary

The hardware and software used to complete the steps outlined in this document include:

  • CensorNet MFA SMS PASSCODE
    • Version 10.0 (build 6844)
  • WatchGuard Firebox
    • Firebox with Fireware v12.3 or higher
  • NPS installed on Windows Server 2016 Standard

Test Topology

This diagram shows the topology used in this integration.

CensorNet MFA SMS PASSCODE Topology

SMS PASSCODE Server includes:

  • SMS PASSCODE Database Service
  • SMS PASSCODE Web Administration Interface
  • SMS PASSCODE Authentication Backend Service
  • SMS PASSCODE Transmitter Service
  • SMS PASSCODE RADIUS Protection

The SMS PASSCODE Cloud Service uses its default settings; no configuration is required.

Before You Begin

First, you must:

  • Install and configure Network Policy Server (NPS) on a Microsoft Server
  • Configure Mobile VPN with SSL on your Firebox
  • Download and install the Mobile VPN with SSL client
  • Make sure the Mobile VPN with SSL client can connect to the Firebox

To configure NPS, see the documentation on the Microsoft website.

To configure Mobile VPN with SSL on the Firebox, see Mobile VPN with SSL.

To install the Mobile VPN with SSL client, see Install and Connect the Mobile VPN with SSL Client.

Configure the Firebox for RADIUS

To configure a RADIUS server connection on the Firebox, from Fireware Web UI:

  1. Select Authentication > Servers > RADIUS.
  2. Select the Enable RADIUS Server check box.

Screen shot of the RADIUS Server Settings on the Firebox

  3. In the IP Address text box, type the IP address of the NPS Server.
  4. In the Port text box, type the port used in NPS Server for RADIUS authentication. The default port is 1812.
  5. In the Shared Secret and Confirm Secret text boxes, type the shared secret you configured for the RADIUS client on the NPS Server.
  6. In the Dead Time text box, type 0.

If a user does not respond to an MFA challenge, the Firebox marks the RADIUS server as dead for the Dead Time duration. The Firebox does not send authentication requests for other users to the RADIUS server during this time. To avoid this issue, specify a Dead Time of 0 minutes if you configure only a primary RADIUS server. If you also configure a backup RADIUS server, specify a Dead Time of 1 minute.

  7. Keep all other default settings.
  8. Click Save.

Next, add RADIUS users and groups on the Firebox:

  1. Select Authentication > Users and Groups.
  2. Click Add.
  3. For Type, select User.
  4. In the Name text box, type the same user name you created on the NPS Server.
  5. From the Authentication Server drop-down list, select RADIUS.

Screen shot of the Add User or Group dialog box on the Firebox

  6. Click OK.
    The user is added to the Users and Groups list on the Firebox.
  7. Click Add.
  8. For Type, select Group.
  9. In the Name text box, type the same Group name you created on the NPS Server.
  10. From the Authentication Server drop-down list, select RADIUS.

Screen shot of the Add User or Group dialog box on the Firebox

  11. Click OK.
    The Group is added to the Users and Groups list on the Firebox.

Screen shot of the Users and Groups list on the Firebox

  12. Click Save.

For more information about RADIUS configuration on the Firebox, see Configure RADIUS Server Authentication.

Configure SMS PASSCODE

In the SMS PASSCODE installer:

  1. Select Install Core Components and Install Authentication Client Protections.

Screen shot of the Installation Scope dialog box in SMS PASSCODE

  2. On the Authentication Clients dialog box, select RADIUS Protection.

Screen shot of the Authentication Clients dialog box in SMS PASSCODE

  3. After SMS PASSCODE installs successfully, open the SMS PASSCODE administration site at http://localhost:2000.
  4. Select Users > Maintain Users.
  5. Click Add new user.
  6. In the Display name text box, type the display name for the user.
  7. In the Login (SAM) text box, type the domain name followed by the user name that you created on NPS Server. Use this format: domainname\username
  8. In the Phone number text box, type the mobile phone number that will receive the passcode.
  9. Keep all other default settings.
  10. Click Save.

Screen shot of the Basic Settings tab in SMS PASSCODE

Test the Integration

To test the integration:

  1. Launch the Mobile VPN with SSL client.
  2. In the Server text box, type the Firebox IP address configured in the Mobile VPN with SSL settings on the Firebox.
  3. In the User name text box, type the user name configured on the NPS server.
  4. In the Password text box, type the password.

Screen shot of the Mobile VPN with SSL connection box

  5. Click Connect.
    A passcode is sent to the mobile phone number you specified in the SMS PASSCODE settings.
  6. In the Enter Passcode dialog box, type the passcode you received on your phone.

PASSCODE

  7. Click OK. The Mobile VPN with SSL client connects.
