Duo and Watchguard SSLVPN with LDAP


#1

Has anyone configured Watchguard’s SSL VPN to use Active Directory credentials via LDAP and Duo as a 2FA? All the instructions to set up the VPN are to create local users on the Watchguard itself, rather than using AD creds. I have tried configuring Duo to use ad_client and radius_client and it doesn’t seem to work. I want to know if there is a way to use AD credentials with Duo and Watchguard.


#2

Greetings gregulator!

It looks like Watchguard Firebox and XTM devices both support LDAP authentication per their online documentation.

You may want to try configuring the Duo Authentication Proxy as an LDAP proxy. Point the Duo server to your AD DC (with [ad_client]) and then point your Watchguard appliance to the LDAP proxy listener on the Duo server.

Hope this suggestion helps. Thanks for trying Duo!
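
The LDAP-proxy layout suggested in #2, as an added example that is not part of the original thread or of the poster's reply: a sketch of the Duo Authentication Proxy's `authproxy.cfg` with an `[ad_client]` upstream and an `[ldap_server_auto]` listener for the firewall to bind against. Every hostname, DN, key and file path below is a placeholder, and the separate lookup account for the Firebox is an assumption.

```ini
; authproxy.cfg on the Duo Authentication Proxy host (all values are placeholders)

[ad_client]
; Upstream: the proxy checks the primary (AD) password against the domain controller.
host=dc01.example.internal
service_account_username=svc-duoproxy
service_account_password=REPLACE_ME
search_dn=DC=example,DC=internal
; Encrypt the proxy-to-DC leg and validate the DC certificate.
transport=ldaps
ssl_ca_certs_file=conf/example-ca.pem
ssl_verify_hostname=true

[ldap_server_auto]
; Downstream: the listener the firewall's LDAP server setting points at.
ikey=REPLACE_WITH_INTEGRATION_KEY
skey=REPLACE_WITH_SECRET_KEY
api_host=api-XXXXXXXX.duosecurity.com
client=ad_client
; secure = deny logins when Duo's service is unreachable; safe = allow on primary auth only.
failmode=secure
; Offer LDAPS so user passwords are not sent in cleartext between firewall and proxy.
ssl_port=636
ssl_key_path=conf/ldap_server.key
ssl_cert_path=conf/ldap_server.pem
; Assumption: the firewall binds with a dedicated lookup account before binding as the user.
; Exempt only that account from 2FA rather than every first bind on a connection.
exempt_primary_bind=false
exempt_ou_1=CN=svc-firebox-lookup,OU=Service Accounts,DC=example,DC=internal
```

On the firewall side, the LDAP server address becomes the proxy host and its listener port instead of the domain controller; the search base and lookup account stay the same as they would for a direct AD/LDAP configuration.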


#3

Can I ask if anyone has had any success setting up Duo with LDAP and WatchGuard?

Any comments would be welcome.

This does seem the best route to negate the need for a radius/NPS server.