https://community.cisco.com/t5/network-access-control/setting-up-cisco-ise-to-work-with-pfsense/m-p/4474590#M569958 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/262907">@martin.fischer</a>,</P><P>&nbsp;</P><P>Thank you for your post, yes this option worked for me!&nbsp; I am now able to log in with no issues.</P><P>&nbsp;</P><P>I also have webGUI login working with DUO MFA.&nbsp; I can only do PAP as my authentication type.&nbsp; Is that the only option?&nbsp; I tried MS-CHAPv2 but that didn't work. Wondering if there is another setting I need to find.</P><P>&nbsp;</P><P>Thank you!</P> Mon, 27 Sep 2021 13:12:37 GMT ejerviss 2021-09-27T13:12:37Z https://community.cisco.com/t5/network-access-control/setting-up-cisco-ise-to-work-with-pfsense/m-p/4470907#M569853 <P>We are trying to setup MFA on our pfsense firewalls for the webGUI for management.&nbsp; We would like to use a radius setup with ISE to gain access using MFA.&nbsp; I am able to see my authentications pass in ISE but on pFsense I don't have a user group to associate with.&nbsp; It states I need a local account with group privilege's but I don't have without creating a local user.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Does anyone have experience with this?</P> Tue, 21 Sep 2021 17:49:55 GMT https://community.cisco.com/t5/network-access-control/setting-up-cisco-ise-to-work-with-pfsense/m-p/4470907#M569853 ejerviss 2021-09-21T17:49:55Z https://community.cisco.com/t5/network-access-control/setting-up-cisco-ise-to-work-with-pfsense/m-p/4472047#M569889 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1250147">@ejerviss</a>&nbsp;</P><P>If I remember correctly you don't need a local user but you need to reference the local group in the RADIUS response on ISE with the class attribute. E.g. if you want to give the user admin rights and your local group is called <STRONG>admins</STRONG> then return RADIUS:Class <STRONG>equals</STRONG> admins</P><P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Capture.PNG" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/131841i61FD26ECDCEF71C3/image-size/medium?v=v2&amp;px=400" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>Best regards</P> Thu, 23 Sep 2021 13:29:14 GMT https://community.cisco.com/t5/network-access-control/setting-up-cisco-ise-to-work-with-pfsense/m-p/4472047#M569889 martin.fischer 2021-09-23T13:29:14Z https://community.cisco.com/t5/network-access-control/setting-up-cisco-ise-to-work-with-pfsense/m-p/4474590#M569958 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/262907">@martin.fischer</a>,</P><P>&nbsp;</P><P>Thank you for your post, yes this option worked for me!&nbsp; I am now able to log in with no issues.</P><P>&nbsp;</P><P>I also have webGUI login working with DUO MFA.&nbsp; I can only do PAP as my authentication type.&nbsp; Is that the only option?&nbsp; I tried MS-CHAPv2 but that didn't work. Wondering if there is another setting I need to find.</P><P>&nbsp;</P><P>Thank you!</P> Mon, 27 Sep 2021 13:12:37 GMT https://community.cisco.com/t5/network-access-control/setting-up-cisco-ise-to-work-with-pfsense/m-p/4474590#M569958 ejerviss 2021-09-27T13:12:37Z