Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1363
Views
5
Helpful
3
Replies

Watchguard Firebox integrate with ISE (Radius)

Go to solution
PatricioMansilla47964
Level 1
Level 1

‎05-26-2020 12:00 PM

Hi everyone,

 

I'm looking for info about how to integrate vpn users of Watchguard Firebox to ISE, i tried to find out documentation about it but nothing relevant.

 

anyone could you help me?

 

Thanks.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎05-26-2020 09:15 PM

Hi

I believe you want to authenticate your users against ISE and that’s it?
If so, there’s nothing much to do. Your Watchguard has to be declared as a simple NAD and ISE with a standard policy-set (as if it was any other device like Cisco).
Is it what you’re looking for? If not, can you please detail the integration you’re looking for. I don’t think watchguard has any more possible integration but you can look at Cisco ise 3rd party compatibility matrix or ask watchguard directly.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

3 Replies 3

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎05-26-2020 09:15 PM

Hi

I believe you want to authenticate your users against ISE and that’s it?
If so, there’s nothing much to do. Your Watchguard has to be declared as a simple NAD and ISE with a standard policy-set (as if it was any other device like Cisco).
Is it what you’re looking for? If not, can you please detail the integration you’re looking for. I don’t think watchguard has any more possible integration but you can look at Cisco ise 3rd party compatibility matrix or ask watchguard directly.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
PatricioMansilla47964
Level 1
Level 1
In response to Francesco Molino

‎05-27-2020 11:15 AM

Hi Francesco,

 

Thank you for you help, at least now the watchguard vpn client (Firebox) is authenticating on ISE, this is my first step, but now i want to make a posture assessment (i need to implemente compliance measures), i don't now if that is possible or only available for anyconnect?

 

Thanks in advance.

 

Regards.

Patricio

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to PatricioMansilla47964

‎05-27-2020 06:23 PM

For posture over VPN you'll need to have anyconnect and so a Cisco firewall. On this client, you will need to deploy the posture module.
Another solution I like more is to use a software like Rapid7, Tenable,.. you can integrate to ise and right after an authentication, ISE will trigger a scan of the machine to get a cvss score (could be with or without an agent installed on the machine). Based on this score you can trigger a push of acl, deny access... but this will be possible if your whatchguard supports any radius attribute like that.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents