Firebox Mobile VPN with SSL Integration with AuthPoint

Deployment Overview

This document describes how to set up multi-factor authentication (MFA) for Mobile VPN with SSL. Your WatchGuard Firebox must already be configured and deployed before you set up MFA with AuthPoint.

For RADIUS authentication, users can authenticate with a push notification or a one-time password (OTP). You choose which authentication method users can use when you configure the authentication policy in AuthPoint. The steps in this integration guide apply to both authentication methods.

This integration was tested with Fireware v12.7.

Your Firebox must run Fireware v12.7.1 or higher to authenticate Azure Active Directory users with the AuthPoint authentication server on the Firebox.

Integration Summary

The hardware and software used in this guide include:

  • Firebox with Fireware v12.7
  • Firebox with Fireware v12.6.x and lower
  • AuthPoint Gateway v6.1 or higher

WatchGuard Firebox Authentication Data Flow with AuthPoint

AuthPoint communicates with various cloud-based services and service providers over the RADIUS protocol. This diagram shows the data flow of an MFA transaction for a WatchGuard Firebox.

With Fireware v12.7 or higher, the AuthPoint Gateway is only required to sync LDAP users and groups to AuthPoint. The Gateway is not used for user authentication.

Before You Begin

Before you begin these procedures, make sure that:

  • A token is assigned to a user in AuthPoint
  • If you have Fireware v12.6.x or lower, we recommend that you install and configure the AuthPoint Gateway (see About Gateways)

Configure AuthPoint MFA for Firebox Mobile VPN with SSL

The steps to configure AuthPoint and your Firebox differ based on the version of Fireware that you have.