VPN – WatchGuard Fireware

In this topic, you will learn how to configure WatchGuard Fireware Mobile VPN to work together with Portnox™ Cloud and 802.1X RADIUS authentication for VPN connections.

Important: This guide provides general instructions for integrating Portnox Cloud with specific third-party devices. While we aim to provide helpful examples for commonly used models, configurations may vary across manufacturers, models, and environments. As a result, we cannot guarantee that these steps will work in every scenario. For questions or issues related to RADIUS setup – which is an industry standard and not specific to Portnox – or device-specific settings and troubleshooting, we recommend consulting the device manufacturer’s documentation and contacting their support team. While Portnox Support is happy to assist where possible, please note that detailed configuration of third-party devices is typically best handled by the manufacturer.
Warning: This topic contains documentation prepared by our support agents more than 12 months ago. It may not cover the newest models or the newest interfaces of NAS devices. We’re working on bringing you updated documentation for NAS devices in the near future. However, the methods of setting up third-party devices may still change when the manufacturers update their firmware or release new models.
  1. In the WatchGuard Fireware web interface, navigate to Authentication > Servers > RADIUS to create a RADIUS authentication server configuration:

    1. Activate the Enable RADIUS Server checkbox.
    2. Enter your cloud RADIUS details for RADIUS authentication (not accounting).
    3. Set Timeout to 30 seconds.
    4. Click on Save.
  2. Complete one of the following sections, depending on whether you want to configure an L2TP VPN or an SSL VPN.

Configure an L2TP VPN

  1. Navigate to VPN > Mobile VPN with L2TP and click on Configure.
  2. Activate the Activate Mobile VPN with L2TP checkbox.
  3. In the Network tab, add the desired Virtual IP Address Pool.

  4. In the Authentication tab:
    1. Select RADIUS as the Authentication Server.

    2. Make sure the Name of the VPN authentication group listed in WatchGuard Fireware is identical to the name of the Portnox Cloud for VPN users.

  5. In the IPSec tab, activate the Enable IPSec checkbox, and configure the following:
    1. Select Use Pre-shared Key and enter the key that will be used for the L2TP connection and select at least one Phase 1 Transform.

    2. In the Phase 2 Settings tab, select at least one of Phase 2 IPSec Proposals.

  6. Click on Save.

Configure an SSL VPN

  1. Navigate to VPN > Mobile VPN with SSL and activate the Activate Mobile VPN with SSL checkbox.
  2. In the General tab, select the Primary IP address or domain name for SSL users to connect to.

  3. In the Authentication tab:
    1. Select RADIUS as the Authentication Server.

    2. Make sure the Name of the VPN authentication group listed in WatchGuard Fireware is identical to the name of the Portnox Cloud for VPN users.

  4. Click on Save.