11-30-2022 04:27 PM
Hello.
I don't want to re-invent the wheel here. I'm using FTD firewalls with FMC using Azure AD SAML SSO authentication, then my internal ISE server is doing the Authorization. I'm being asked to require that only company computers are allowed to connect. My ISE server is already configured for Wireless clients to use 802.1x authentication based on TLS certificates. Unfortunately, I'm not seeing an option within firepower to use SAML and AAA. Is there a way to use a second authentication method from firepower after Azure AD succeeds? Or if not that, can I get some direction on how this is accomplished? I'm assuming that I would set my ISE server for Authentication, and then somehow have ISE do the SAML authentication as well as TLS. I'm just not sure where to begin with that. My certificates are from an internal CA.
Thanks!
Andy
12-01-2022 12:41 AM
Hi @sanchezeldorado,
From FTD version 7.2 it is possible to use both SAML and certificates for RA VPN, speaking about additional authentication methods with SSO.
With SSO, what I'm doing, is usage of SAML for authentication, followed by AAA (RADIUS) for authorization-only part. Please take a look at this post for more details.
Kind regards,
Milos
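For readers who want to see what the two-stage setup Milos describes looks like on the device, the following is an added illustration, not configuration from this thread or from Cisco. It is written as the ASA-style CLI that FMC pushes to an FTD; the object names (ISE_RADIUS, RAVPN_Corp, GP_Corp, VPN_POOL, the trustpoint names) and the addresses are assumed, and `<tenant-id>` is a placeholder for your own Azure AD tenant. SAML handles authentication, and the RADIUS server group is attached for authorization only, with `authorization-required` so that a user ISE refuses cannot connect even though Azure AD accepted them.

```cisco
! RADIUS server group pointing at the internal ISE node (address assumed)
aaa-server ISE_RADIUS protocol radius
aaa-server ISE_RADIUS (inside) host 10.0.0.10
 key <shared-secret-placeholder>
 authentication-port 1812
 accounting-port 1813

! Azure AD as the SAML identity provider (entity ID and URLs use the tenant-id placeholder)
webvpn
 saml idp https://sts.windows.net/<tenant-id>/
  url sign-in https://login.microsoftonline.com/<tenant-id>/saml2
  url sign-out https://login.microsoftonline.com/<tenant-id>/saml2
  base-url https://vpn.example.com
  trustpoint idp AzureAD_IdP
  trustpoint sp FTD_SP

! Connection profile: SAML for authentication, ISE for authorization only
tunnel-group RAVPN_Corp type remote-access
tunnel-group RAVPN_Corp general-attributes
 address-pool VPN_POOL
 default-group-policy GP_Corp
 authorization-server-group ISE_RADIUS
 authorization-required
tunnel-group RAVPN_Corp webvpn-attributes
 authentication saml
 saml identity-provider https://sts.windows.net/<tenant-id>/
 group-alias Corp enable
```

On the ISE side the authorization request carries the username that SAML asserted, so the policy can match that identity against AD group membership and return a RADIUS Class attribute (for example `OU=GP_Corp;`) to select the group policy, or reject the session outright. Note the limit of this mode: ISE never sees a device certificate here, so "company computers only" in an authorization-only flow rests on user attributes rather than on machine identity, which is why the SAML-plus-certificate combination available from FTD 7.2, as mentioned above, is the fuller answer to the original question.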
12-01-2022 07:44 AM
Thank you! That article is exactly what I was looking for. And I didn't know about 7.2. I'm currently doing it the same way you are. My company doesn't like to go beyond the current recommended version of FTD (7.0.4), so I'll let them decide if they want to upgrade.