Firebox Mobile VPN with IPSec Integration with Azure AD Users (2024)

Deployment Overview

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

This document describes how to set up Active Directory authentication for Mobile VPN with IPSec.

Integration Summary

The hardware and software used in this guide include:

  • Firebox with Fireware v12.7.1
  • Microsoft Azure

Topology

This topology diagram shows the data flow for Active Directory authentication with a WatchGuard Firebox and Azure AD Domain Services.

Before You Begin

Before you begin these procedures, make sure that:

  • You have an Azure Active Directory global administrator account within the Azure Active Directory tenant.
  • You have an active Azure subscription.
  • You have created and configured Azure Active Directory Domain Services (Azure AD DS).

Additional charges might apply for the use of Microsoft Azure.

Configure Azure

The steps in this section cover how to configure Azure AD.

Configure Secure LDAP

To configure Secure LDAP:

  1. Log in to the Azure portal with your Microsoft Azure account credentials.
  2. Click Resource groups.
  3. Select your Azure AD Domain Services resource group.
  4. Click the Azure AD Domain Services.
  5. Select Settings > Secure LDAP.
  6. Enable the Secure LDAP toggle.
  7. Enable the Allow secure LDAP access over the internet toggle.
  8. Next to the .PFX file with secure LDAP certificate text box, click the folder icon and upload your certificate. For information about how to create and export the certificate, see Configure Secure LDAP in the Microsoft documentation.
  9. In the Password to decrypt .PFX file text box, type the password.
  10. Click Save.
  11. Select Properties.
  12. Copy the Secure LDAP external IP addresses value. You need this information when you configure the Firebox.

Configure a Security Rule in Azure

To configure a security rule in Azure:

  1. In the Azure portal, click Resource groups.
  2. Select your Azure AD Domain Services resource group.
  3. Select the network security group.
  4. Select Settings > Inbound security rules > Add.
  5. From the Source drop-down list, select IP Addresses.
  6. In the Source IP addresses/CIDR ranges text box, type the public IP address or range for your environment. This is the address the Firebox connects from, because the Firebox is the LDAPS client; the rule admits only that source.
  7. From the Destination drop-down list, select Any.
  8. From the Service drop-down list, select Custom.
  9. In the Destination port ranges text box, type 636.
  10. For Protocol, select TCP.
  11. In the Priority text box, type a number between 100 and 4096. In our example, we type 311.
  12. In the Name text box, type a name.
  13. Leave the default value for all other settings.
  14. Click Add.

Add an Azure Group and User

To add an Azure group and user:

  1. Go back to the Azure home page.
  2. Click Azure Active Directory.
  3. Select Manage > Groups.
  4. Click + New group.
  5. From the Group type drop-down list, select Security.
  6. In the Group name text box, type a group name.
  7. From the Membership type drop-down list, select Assigned.
  8. Click Create.
  9. To add a user in Azure, select Manage > Users.
  10. Click + New user and enter your user information.
  11. Click Create.

Users must change their passwords before they can use Azure AD DS. The password change process causes the password hashes for Kerberos and NTLM authentication to be generated and stored in Azure AD. The account is not synced from Azure AD to Azure AD DS until the password is changed. It might take a few minutes after the password change before the new password can be used in Azure AD DS.

Configure the Firebox

You must configure the Active Directory authentication settings and enable Mobile VPN with IPSec on your Firebox.

Configure Active Directory Authentication

To configure Active Directory authentication:

  1. Log in to Fireware Web UI (https://<your Firebox IP address>:8080).
  2. Select Authentication > Servers.
    The Authentication Servers page opens.
  3. From the Authentication Servers list, click Active Directory.
    The Active Directory page opens.
  4. Click Add.
  5. Click Next.
  6. In the Domain Name text box, type the domain name. You cannot change the domain name after you save the settings.
  7. Click Next.
  8. In the Server Address text box, type or paste the secure LDAP external IP address you copied in the previous section.
  9. Select the Enable secure SSL connections to your Active Directory server (LDAPS) check box.
  10. Click Next.
  11. Click Finish.
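
The Firebox reaches the Azure AD DS secure LDAP endpoint over TLS on TCP port 636, so a quick pre-flight check from the Firebox's side of the network catches the two things that most often break this step: the inbound security rule not admitting your source address, and a certificate that does not cover the managed-domain name. The script below is an added example, not part of the WatchGuard guide or of Azure. The external IP 203.0.113.10, the hostname ldaps.aaddscontoso.com, and the certificate dictionary used for the name-matching logic are constructed placeholders; replace the first two with the values from your Azure portal.

```python
"""LDAPS pre-flight check for an Azure AD DS secure LDAP endpoint.

Added example, not part of the WatchGuard guide. Assumptions (placeholders):
  - EXTERNAL_IP is the "Secure LDAP external IP addresses" value from Azure,
  - LDAPS_HOST is the DNS name the secure LDAP certificate was issued for.
"""
import socket
import ssl
import sys

EXTERNAL_IP = "203.0.113.10"            # placeholder, replace with your value
LDAPS_HOST = "ldaps.aaddscontoso.com"   # placeholder managed-domain hostname


def cert_names(cert):
    """Return the DNS names a certificate is valid for, in the dict shape
    that ssl.SSLSocket.getpeercert() returns (SAN first, CN as fallback)."""
    names = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def name_matches(pattern, hostname):
    """Case-insensitive match; a wildcard covers exactly one left-most label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # e.g. ".aaddscontoso.com"
        if not hostname.endswith(suffix):
            return False
        label = hostname[: -len(suffix)]
        return label != "" and "." not in label
    return pattern == hostname


def cert_covers(cert, hostname):
    """True when any name on the certificate matches the hostname."""
    return any(name_matches(name, hostname) for name in cert_names(cert))


def probe_ldaps(ip, hostname, port=636, timeout=5.0, ca_file=None):
    """Connect to TCP/636, complete a TLS handshake with chain validation,
    and report the negotiated version plus whether the certificate names
    cover the expected hostname. Hostname checking is done by cert_covers
    rather than by the context so a mismatch is reported, not raised."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        # server_hostname still sends SNI even though hostname checking is off
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
            return {
                "tls_version": tls.version(),
                "names": cert_names(cert),
                "covers_hostname": cert_covers(cert, hostname),
            }


if __name__ == "__main__":
    ip = sys.argv[1] if len(sys.argv) > 1 else EXTERNAL_IP
    host = sys.argv[2] if len(sys.argv) > 2 else LDAPS_HOST
    try:
        print(probe_ldaps(ip, host))
    except (OSError, ssl.SSLError) as exc:
        print(f"LDAPS probe to {ip}:636 failed: {exc}")
        sys.exit(1)
```

Run it from a host whose public address is the one you allowed in the inbound security rule; a connection timeout from anywhere else is expected, not a fault. If the secure LDAP certificate is self-signed, pass its PEM export as `ca_file` so chain validation has something to anchor to. A `covers_hostname` of `False` means the certificate was issued for a different name than the one you are using for the managed domain.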

Configure Mobile VPN with IPSec

To configure Mobile VPN with IPSec:

  1. Select VPN > Mobile VPN.
  2. In the IPSec section, click Configure.
  3. Click Add to add a new group.
  4. In the Name text box, type a group name that matches the name of the Azure Active Directory group your users belong to.
  5. From the Authentication Server drop-down list, select your authentication server.
  6. In the Passphrase and Confirm text boxes, type a passphrase to encrypt the mobile VPN profile (.wgx file) that you distribute to users in this group. The passphrase can only use standard ASCII characters. If you use a certificate for authentication, this passphrase is also used to encrypt the exported certificate file you send to users.
  7. In the Primary text box, type the external IP address of the Firebox that the VPN client connects to.
  8. Select the Resources tab.
  9. Select the Allow All Traffic Through Tunnel check box.
  10. In the Virtual IP Address Pool section, click Add.
  11. From the Choose Type drop-down list, select Host Range IPv4.
  12. In the From and To text boxes, type a range for your virtual IP addresses. The range should not be in your interface range. The IP addresses in the virtual IP address pool cannot be used for anything else on your network.
  13. Click OK.
  14. Click Save.
  15. In the Groups list, select your group.
  16. From the Client drop-down list, select WatchGuard Mobile VPN.
  17. Click Generate and save the <group name>.ini file.
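
The virtual IP address pool must not fall inside any Firebox interface subnet, and a From/To range can quietly straddle a subnet boundary if it is typed by hand. The script below is an added example, not part of the WatchGuard guide or of Fireware, that checks a proposed Host Range IPv4 pool against a list of interface addresses before you type it into the From and To boxes. The `INTERFACES` list is a constructed sample; replace it with the addresses of your own interfaces.

```python
"""Virtual IP address pool check for Mobile VPN with IPSec.

Added example, not part of the WatchGuard guide. INTERFACES below is a
constructed list of Firebox interface addresses; replace it with your own.
"""
import ipaddress

# Constructed sample: trusted, optional and external interface addresses.
INTERFACES = ["10.0.1.1/24", "192.168.50.1/24", "198.51.100.2/30"]


def pool_networks(first, last):
    """Turn a From/To host range into the list of CIDR blocks it spans.
    Raises ValueError for mixed address families or a reversed range."""
    a = ipaddress.ip_address(first)
    b = ipaddress.ip_address(last)
    if a.version != b.version:
        raise ValueError("From and To must be the same IP version")
    if a > b:
        raise ValueError("From must not be higher than To")
    return list(ipaddress.summarize_address_range(a, b))


def pool_conflicts(first, last, interfaces=INTERFACES):
    """Return the interface networks that the proposed pool overlaps.
    An empty list means the range is clear of every interface subnet."""
    blocks = pool_networks(first, last)
    conflicts = []
    for addr in interfaces:
        net = ipaddress.ip_interface(addr).network
        if any(net.version == blk.version and net.overlaps(blk) for blk in blocks):
            conflicts.append(str(net))
    return conflicts


def pool_size(first, last):
    """Number of client addresses the pool provides."""
    return sum(blk.num_addresses for blk in pool_networks(first, last))


if __name__ == "__main__":
    candidates = [("10.0.200.1", "10.0.200.50"), ("192.168.50.100", "192.168.50.120")]
    for first, last in candidates:
        bad = pool_conflicts(first, last)
        state = "OK" if not bad else f"overlaps {', '.join(bad)}"
        print(f"{first}-{last}: {pool_size(first, last)} addresses, {state}")
```

The overlap test works on the CIDR blocks the range summarizes to, so a range such as 10.0.1.250 to 10.0.2.5 is flagged against 10.0.1.0/24 even though most of it lies outside that subnet. The size helper is there because the pool also caps the number of simultaneous clients in the group.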

Test the Integration

To test the integration of Azure AD users with WatchGuard Mobile VPN with IPSec:

  1. Open your WatchGuard Mobile VPN with IPSec client.
  2. Select Configuration > Profiles and import the <group name>.ini config file. This is the file you generated at the end of the Configure Mobile VPN with IPSec section.
  3. Click Add / Import.
  4. Select Profile Import. Click Next.
  5. Select your file. Click Next to finish.
  6. Select your profile as default. Click OK.
  7. Select Connection > Connect.
  8. Type your Azure AD user name and password.
  9. Click OK.
    You are connected successfully.

© 2024 WatchGuard Technologies, Inc. All rights reserved. WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and other countries. Various other trademarks are held by their respective owners.
