VPN – WatchGuard Fireware

In this topic, you will learn how to configure WatchGuard Fireware Mobile VPN to work together with Portnox™ Cloud and 802.1X RADIUS authentication for VPN connections.

Warning: This topic contains documentation prepared by our support agents more than 12 months ago. It may not cover the newest models or the newest interfaces of NAS devices. We’re working on bringing you updated documentation for NAS devices in the near future. However, the methods of setting up third-party devices may still change when the manufacturers update their firmware or release new models. Therefore, to get the most accurate and current configuration guidance, we strongly recommend that you refer to the documentation provided by the manufacturer. If you need help setting up newer equipment that does not match the description in this topic, contact us at support@portnox.com.
  1. In the WatchGuard Fireware web interface, navigate to Authentication > Servers > RADIUS to create a RADIUS authentication server configuration:

    1. Activate the Enable RADIUS Server checkbox.
    2. Enter your cloud RADIUS details for RADIUS authentication (not accounting).
    3. Set Timeout to 30 seconds.
    4. Click on Save.
  2. Complete one of the following sections, depending on whether you want to configure an L2TP VPN or an SSL VPN.

Configure an L2TP VPN

  1. Navigate to VPN > Mobile VPN with L2TP and click on Configure.
  2. Activate the Activate Mobile VPN with L2TP checkbox.
  3. In the Network tab, add the desired Virtual IP Address Pool.

  4. In the Authentication tab:
    1. Select RADIUS as the Authentication Server.

    2. Make sure the Name of the VPN authentication group listed in WatchGuard Fireware is identical to the name of the Portnox Cloud group for VPN users.

  5. In the IPSec tab, activate the Enable IPSec checkbox, and configure the following:
    1. Select Use Pre-shared Key, enter the key that will be used for the L2TP connection, and select at least one Phase 1 Transform.

    2. In the Phase 2 Settings tab, select at least one of the Phase 2 IPSec Proposals.

  6. Click on Save.

Configure an SSL VPN

  1. Navigate to VPN > Mobile VPN with SSL and activate the Activate Mobile VPN with SSL checkbox.
  2. In the General tab, select the Primary IP address or domain name for SSL users to connect to.

  3. In the Authentication tab:
    1. Select RADIUS as the Authentication Server.

    2. Make sure the Name of the VPN authentication group listed in WatchGuard Fireware is identical to the name of the Portnox Cloud group for VPN users.

  4. Click on Save.
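
The group-name steps in both the L2TP and SSL sections fail silently when the names differ, so the following added example (not part of the original Portnox or WatchGuard documentation) checks a captured RADIUS reply: it verifies the RFC 2865 response authenticator with the shared secret, then compares the returned group with the Fireware group name. It assumes the group name is carried in the Filter-Id attribute (type 11), which this topic does not state; the function names, secret, and group name are constructed for illustration.

```python
import hashlib, hmac, struct

ACCESS_ACCEPT = 2  # RADIUS packet code (RFC 2865)
FILTER_ID = 11     # attribute type assumed to carry the group name

def response_auth(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def parse_attributes(packet):
    # Walk the type-length-value area that follows the 20-byte header.
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def check_group(packet, request_auth, secret, fireware_group):
    # Returns (ok, detail) for one reply against the Fireware group name.
    attrs = parse_attributes(packet)
    length = struct.unpack("!H", packet[2:4])[0]
    expected = response_auth(packet[0], packet[1], packet[20:length], request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return False, "response authenticator mismatch (check shared secret)"
    if packet[0] != ACCESS_ACCEPT:
        return False, "reply is not an Access-Accept"
    groups = [v.decode("utf-8", "replace") for t, v in attrs if t == FILTER_ID]
    if fireware_group in groups:  # exact, case-sensitive comparison
        return True, "match"
    return False, f"Filter-Id {groups} differs from {fireware_group!r}"

# Constructed sample values, not taken from any real deployment.
SECRET, REQ_AUTH = b"constructed-secret", bytes(range(16))

def build_accept(group, ident=7):
    # Builds a constructed Access-Accept carrying one Filter-Id attribute.
    attrs = bytes([FILTER_ID, 2 + len(group)]) + group.encode()
    auth = response_auth(ACCESS_ACCEPT, ident, attrs, REQ_AUTH, SECRET)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs)) + auth + attrs

if __name__ == "__main__":
    print(check_group(build_accept("VPN-Users-Example"), REQ_AUTH, SECRET, "VPN-Users-Example"))
```

In practice, `packet` and `request_auth` would come from a packet capture of the exchange between the Firebox and the RADIUS server, in place of the constructed sample.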