This guide shows how to integrate Ironchip with Watchguard to add an extra layer of security to the SSL VPN connection.
Requirements
- Have a functional Active Directory.
- Have a configured and working Watchguard VPN.
- Have NPS protected by IRONCHIP.
- Have an MFA application created in the IRONCHIP platform.
- Have the Ironchip app downloaded.
RADIUS
The first step is to create a RADIUS Client that points to the IP address through which you connect to your Watchguard VPN. To do this, go to the NPS (Network Policy Server) tab of your Active Directory, and create a new RADIUS client.
Give it an identifying name, the IP through which you connect to the VPN, and a shared secret. Write the shared secret down or remember it, because you will enter it again in Watchguard.
Watchguard with RADIUS
In this step, we will give Watchguard the necessary data to connect to RADIUS.
To do this, go to Authentication, then Servers, and select the RADIUS option.
Click on the ADD option.
Enter the necessary data in the corresponding fields:
- The name of your Active Directory domain where RADIUS is located.
- The public IP of your Active Directory domain where RADIUS is located.
- The RADIUS port (1812 or 1645).
- The RADIUS shared secret that you set earlier when creating the RADIUS client.
- Set Timeout to 60 seconds and Retries to 1 so that the user has time to authorize the connection.
- Dead Time is optional, but you can modify it to your liking (0 means deactivated).
Remember to save the changes.
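To confirm that the shared secret and port work on the NPS side, the following added example (not part of the original guide, and not Ironchip or Watchguard code) builds a RADIUS Access-Request and checks that the reply was produced with the same shared secret. It assumes the NPS policy accepts PAP and that the script runs from a host registered as a RADIUS client in NPS; the function names are hypothetical.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def _attr(kind: int, value: bytes) -> bytes:
    return bytes([kind, len(value) + 2]) + value

def build_access_request(user, password, secret, ident=1, req_auth=b""):
    req_auth = req_auth or os.urandom(16)
    attrs = (_attr(80, b"\x00" * 16)      # Message-Authenticator, zeroed for now
             + _attr(1, user.encode())    # User-Name
             + _attr(2, hide_password(password.encode(), secret, req_auth)))
    pkt = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs
    # RFC 3579 3.2: HMAC-MD5 over the whole packet, keyed with the shared secret
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:22] + mac + pkt[38:]

def verify_response(resp: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(resp) < 20 or struct.unpack("!H", resp[2:4])[0] != len(resp):
        return False
    expected = hashlib.md5(resp[:4] + req_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20])

def authenticate(server, user, password, secret, port=1812, timeout=60):
    """Send one request and wait up to `timeout` seconds for the MFA approval."""
    req = build_access_request(user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)          # same 60 s window as the Timeout field above
        sock.sendto(req, (server, port))
        resp, _ = sock.recvfrom(4096)
    if not verify_response(resp, req[4:20], secret) or resp[1] != req[1]:
        raise ValueError("unauthenticated reply: shared secret mismatch?")
    return resp[0] == ACCESS_ACCEPT
```

A `socket.timeout` from `authenticate` means no reply arrived within the window, which is also what NPS does when the client IP or shared secret does not match.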
Users and Groups
It is necessary to create users that refer to the users in your AD. Go to the Users and Groups section and click on ADD to create a new one.
Select whether you want to create a Group or a User.
The name must be exactly the same as that of the user in your Active Directory.
The Authentication Server must be the newly created RADIUS.
Click OK and save the changes.
SSL VPN
It's time to change the VPN authentication method. To do this, go to the VPN section and, within Mobile VPN, enter SSL. If you do not have this VPN connection method configured, you must configure it before continuing.
Within this section, add the created RADIUS server to the Authentication Server section and place it as Default.
You must also check the boxes of the users and groups that you want to use.
Save the changes.
IRONCHIP
Finally, you have to add the users to the NPS application created in the Ironchip panel. The user names must be the same as those of Watchguard.