• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Company · Blog · Newsletter · Events · Partner Program

Downloads      Support      Security     Admin Login
Rublon

Rublon

Secure Remote Access

  • Product
    • Regulatory Compliance
    • Use Cases
    • Rublon Reviews
    • Authentication Basics
    • What is MFA?
    • Importance of MFA
    • User Experience
    • Authentication Methods
    • Rublon Authenticator
    • Remembered Devices
    • Logs
    • Single Sign-On
    • Access Policies
    • Directory Sync
  • Solutions
    • MFA for Remote Desktop
    • MFA for Remote Access Software
    • MFA for Windows Logon
    • MFA for Linux
    • MFA for Active Directory
    • MFA for LDAP
    • MFA for RADIUS
    • MFA for SAML
    • MFA for RemoteApp
    • MFA for Workgroup Accounts
    • MFA for Entra ID
  • Customers
  • Industries
    • Financial Services
    • Investment Funds
    • Retail
    • Technology
    • Healthcare
    • Legal
    • Education
    • Government
  • Pricing
  • Docs
Contact Sales Free Trial

Multi-Factor Authentication (2FA/MFA) for WatchGuard Firebox – LDAP

Multi-Factor (MFA) and Two-Factor Authentication (2FA) for WatchGuard Mobile IPSec and SSL VPN using RADIUS

May 14, 2024 By Rublon Authors

Last updated on July 8, 2025

MFA for WatchGuard Firebox is an added security measure that requires users to provide extra proof of identity to connect to the Firebox. Alongside the standard login/password primary authentication, WatchGuard Firebox introduces a secondary authentication that the user must complete. This secondary authentication involves the user approving a Mobile Push authentication request sent to their mobile device. Only upon completion of both primary and secondary authentication can the user access the firewall. Thus, even if cybercriminals have your password, MFA for WatchGuard Firebox prevents them from connecting to the firewall.

Overview

Rublon Multi-Factor Authentication for WatchGuard Firebox enables you to enhance the security of your WatchGuard Firebox logins. MFA for WatchGuard Firebox is implemented using the Rublon Authentication Proxy.

Rublon MFA for WatchGuard Firebox facilitates Multi-Factor Authentication (MFA) / Two-Factor Authentication (2FA) during WatchGuard logins to the Firebox firewall. If a user correctly enters their username and password, they will be asked to complete an additional authentication method. If the user is unable to complete the secondary authentication, Rublon will deny access, thereby thwarting a potential hacker’s attempt to gain entry.

Supported Authentication Methods

Authentication Method Supported Comments
Mobile Push ✔ N/A
WebAuthn/U2F Security Key – N/A
Passcode ✔ N/A
SMS Passcode – N/A
SMS Link ✔ N/A
Phone Call ✔ N/A
QR Code – N/A
Email Link ✔ N/A
YubiKey OTP Security Key ✔ N/A

Before You Start Configuring MFA for Watchguard Firebox

Before configuring Rublon MFA for WatchGuard Firebox:

  • Ensure you have prepared all required components.
  • Create an application in the Rublon Admin Console.
  • Install the Rublon Authenticator mobile app.

Required Components

1. User Identity Provider (IdP) – You need an external Identity Provider, such as Microsoft Active Directory, OpenLDAP, or FreeRADIUS.

2. Rublon Authentication Proxy – Install the Rublon Authentication Proxy if you have not already.

3. WatchGuard Mobile VPN – Ensure you have correctly configured your WatchGuard Firebox Cloud (PAYG) with Mobile VPN, especially that user logins work properly before deploying MFA for WatchGuard.

Create an Application in the Rublon Admin Console

1. Sign up for the Rublon Admin Console. Here’s how.

2. In the Rublon Admin Console, go to the Applications tab and click Add Application. 

3. Enter a name for your application (e.g., WatchGuard Firebox) and then set the type to Rublon Authentication Proxy.

4. Click Save to add the new application in the Rublon Admin Console.

5. Copy and save the values of the System Token and Secret Key. You are going to need these values later.

Install Rublon Authenticator

Some end-users may install the Rublon Authenticator mobile app. So, as a person configuring MFA for WatchGuard Mobile VPN, we highly recommend you install the Rublon Authenticator mobile app, too. Thanks to that, you will be able to test MFA for WatchGuard via Mobile Push.

Download the Rublon Authenticator for:

  • Android
  • iOS
  • HarmonyOS

Configuring Multi-Factor Authentication (MFA) for WatchGuard Firebox

Follow the following instructions to set up MFA for WatchGuard Firebox.

1. Log in to the WatchGuard Firebox Admin Panel (Fireware Web UI).

2. In the left pane, click Authentication and then select Servers.

3. Click Active Directory.

4. Click the lock to make changes and then click ADD.

5. Fill in the form. Refer to the following image and table.

Domain Name or IP AddressEnter the IP address of the Rublon Authentication Proxy.
PortEnter the port of your Rublon Authentication Proxy server.

Default: 1812
Timeout60

If experiencing issues, increase to 90.
Dead Time10 (Minutes)
Search BaseEnter the Base DN of a user who has Read rights in your Active Directory server.
Group StringtokenGroups
Login Attributecn
DN of Searching UserEnter the Bind DN of a user who has Read rights in your Active Directory server.
Password of Searching UserEnter the password of the user defined by Bind DN.

6. Click SAVE to save your changes.

7. The Active Directory server you added should now be visible in the list of servers.

Configuring Mobile VPN

1. In the WatchGuard Firebox Admin Panel, click VPN and then select Mobile VPN. 

2. Make sure the padlock is open. If it is closed, click it to open it. Otherwise, you will not be able to make any changes.

Image showing a list of supported Mobile VPN tunnels

Mobile VPN Configuration with IPSec

1. In Mobile VPN, navigate to the IPSec section and click CONFIGURE.

2. In the Groups section, select your profile and click EDIT.

Image showing configuring MFA for WatchGuard Mobile VPN with IPSec

3. Select the General tab.

4. In the Authentication Server dropdown, select your Rublon Authentication Proxy server. It has the Domain Name you set when configuring Rublon Authentication Proxy as Active Directory server.

Image showing setting the RADIUS server for WatchGuard Mobile IPSec VPN

5. Click SAVE to save your changes.

Mobile VPN Configuration with SSL

To make MFA for SSL Mobile VPN work, you have to manually add all your users to WatchGuard VPN and then allow them to use SSL VPN. Let’s do it:

1. In the left pane, expand Authentication and select Users and Groups. Then, click ADD to add a new user.

Image showing configuring MFA for Mobile VPN with SSL

2. In Add User or Group, enter the name of the user and select the authentication source.

Image showing adding user or group to WatchGuard VPN
TypeUser
NameEnter the username.
DescriptionThis is optional, but you can enter a description of the user if you want.
Authentication ServerSelect the Rublon Authentication Proxy server you have created before.

3. Other options are optional. Click OK and then click Save in the main list of all groups and users to confirm the new user.

You need to do the above three steps for all users you want to allow to use Mobile VPN with SSL.

4. After you added all your users, you can configure SSL VPN. In the left pane, click VPN and select Mobile VPN. Then, navigate to the SSL section and click CONFIGURE.

Image showing the SSL VPN in the list of Mobile VPN tunnels

5. Select the Authentication tab.

6. In AUTHENTICATION SERVERS, select your Rublon Authentication Proxy server and click ADD. Then, select it on the list of authentication servers and click MOVE UP to make it default.

Image showing authentication server settings for WatchGuard SSL VPN

7. In Users and Groups, select the groups and users you want to allow to use SSL VPN.

Image showing users and groups that will use MFA for WatchGuard SSL VPN

8. Click SAVE to confirm and save the changes you made.

Testing Multi-Factor Authentication (MFA) for WatchGuard Mobile VPN (IPSec)

In this WatchGuard Mobile IPSec VPN testing example, we used the WatchGuard Mobile VPN application (Mobile VPN Monitor). The first time you run WatchGuard Mobile VPN, you have the opportunity to create a VPN profile. When creating the VPN profile, you can import the configuration file generated in Mobile VPN.

After importing a connection profile, test the connection:

1. Open the WatchGuard Mobile VPN client and click the red Connection button. 

Image showing the WatchGuard Mobile VPN client

2. Enter your User ID and password and click OK.

Image showing VPN credentials on the WatchGuard Mobile VPN client

3. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.

Image showing a Rublon Mobile Push

4. You will connect to the VPN.

Image showing WatchGuard Mobile VPN client successfully connected to the VPN after MFA

Testing Multi-Factor Authentication (MFA) for WatchGuard Mobile VPN (SSL)

In this WatchGuard Mobile SSL VPN testing example, we used the WatchGuard Mobile VPN with SSL client.

1. Provide the IP of your server, the user name and password, and click Connect.

Image showing the WatchGuard Mobile VPN with SSL client

2. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.

Image showing a Mobile Push during MFA for WatchGuard Mobile VPN

3. After approving the push, the window will minimize, and you will see a notification informing you that a connection was made.

Image showing a notification saying SSL VPN connection was successful after Multi-Factor Authentication was completed.

Troubleshooting

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Authentication Proxy

Rublon Authentication Proxy – Integrations

Filed Under: Documentation

Primary Sidebar

Contents

  • Overview
  • Supported Authentication Methods
  • Before You Start Configuring MFA for Watchguard Firebox
    • Required Components
    • Create an Application in the Rublon Admin Console
    • Install Rublon Authenticator
  • Configuring Multi-Factor Authentication (MFA) for WatchGuard Firebox
    • Configuring Mobile VPN
      • Mobile VPN Configuration with IPSec
      • Mobile VPN Configuration with SSL
  • Testing Multi-Factor Authentication (MFA) for WatchGuard Mobile VPN (IPSec)
  • Testing Multi-Factor Authentication (MFA) for WatchGuard Mobile VPN (SSL)
  • Troubleshooting
  • Related Posts
Try Rublon for Free
Start your 30-day Rublon Trial to secure your employees using multi-factor authentication.
No Credit Card Required


Footer

Product

  • Regulatory Compliance
  • Use Cases
  • Rublon Reviews
  • Authentication Basics
  • What is MFA?
  • Importance of MFA
  • User Experience
  • Authentication Methods
  • Rublon Authenticator
  • Remembered Devices
  • Logs
  • Single Sign-On
  • Access Policies
  • Directory Sync

Solutions

  • MFA for Remote Desktop
  • MFA for Windows Logon
  • MFA for Remote Access Software
  • MFA for Linux
  • MFA for Active Directory
  • MFA for LDAP
  • MFA for RADIUS
  • MFA for SAML
  • MFA for RemoteApp
  • MFA for Workgroup Accounts
  • MFA for Entra ID

Industries

  • Financial Services
  • Investment Funds
  • Retail
  • Technology
  • Healthcare
  • Legal
  • Education
  • Government

Documentation

  • 2FA for Windows & RDP
  • 2FA for RDS
  • 2FA for RD Gateway
  • 2FA for RD Web Access
  • 2FA for SSH
  • 2FA for OpenVPN
  • 2FA for SonicWall VPN
  • 2FA for Cisco VPN
  • 2FA for Office 365

Support

  • Knowledge Base
  • FAQ
  • System Status

About

  • About Us
  • Blog
  • Events
  • Co-funded by the European Union
  • Contact Us

  • Facebook
  • GitHub
  • LinkedIn
  • Twitter
  • YouTube

© 2025 Rublon · Imprint · Legal & Privacy · Security

  • English