WatchGuard Duo Radius

Anyone successful setup watchguard firewall with Duo Radius?

I have setup my Duo Proxy

[radius_client]
host=127.0.0.1
port=1812
secret=xxxxxxxxxx
pass_through_all=true

[radius_server_auto]
ikey=xxxxxxxxxxxxx
skey=xxxxxxxxxxxxxxxxxxxxxxxxx
api_host=xxxxxxxxxxxxx
radius_ip_1=192.168.36.2
radius_secret_1=xxxxxxx
client=ad_client
pass_through_all=true
failmode=safe
port=18120

Setup NPS on same box

Radius client
Address 127.0.0.1
Shared Secret

Network policy
Grant access
Conditions - user group SSLVPN-Users
PAP
Radius attributes, Standard
Framed-Protocol PPP
Service-Type Framed
Filter-ID - SSLVPN-Users

On watchguard set all radius as per documentation
it does a Duo push - then I get

2020-08-11 09:42:26 admd Authentication of SSLVPN user xxxxx@RADIUS] from 192.168.36.33 rejected, user isn’t in the right group id=“1100-0005”

Does anyone have any suggestions?

Thanks,
Brett

Hi @BAB, right now you have the Filter-ID set to SSLVPN-Users. Notice how the response you get says “user isn’t in the right group”? I think the issue here is that you have to specify attribute 11 (filter-id) as the group attribute when using groups for VPN authorization with this configuration. I got this answer from a past discussion on integrating Watchguard and the Duo Authentication Proxy using Radius, which you can check out for more details. Does this help?