Implementing MFA for VPN without LDAP/AD

Background: I’m the tech department for a smaller business (25 people) spread across 2 offices as well as a few remote users. We use a Firebox in each office. I don’t force VPN for remote users and the main use for it is when users are not in their home or office, or if devs need to access something from our whitelisted IP. We don’t have any SSO, Active Directory, or LDAP.

Now, our insurance is requiring us to implement MFA on our VPN. I looked at AuthPoint but it appears to require installation on an Active Directory server, which we don’t have. Is there a different way to implement MFA on the WatchGuard VPN that I am missing?

Use local users
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/add-users-manually.html#:~:text=When%20you%20add%20a%20local,a%20small%20number%20of%20users.

Haven’t done it yet but I’m sure it won’t be very hard once you’re digging around

I did see that and was able to set it up, but it looks like a RADIUS client is required to use MFA with VPN, which we also don’t have…

This ↑. You don’t sync the users, just manually add them to cloud.watchguard.com.

I doubt you can add them without a proper email, but make sure to add the email there or they won’t get the invite to enroll.

Exactly this…done this myself

You should be able to just point the AuthPoint to a resource on the firebox

I’m feeling incredibly dumb about this right now - can you explain what you mean? I see that I can set my Firebox as a resource, but that’s all.

Did you go through the Wizard?