12/25/2023

Sonicwall global vpn setup

Microsoft's Network Policy Server (NPS) extension allows you to add your existing Azure AD MFA to your infrastructure by pairing it with a server that has the NPS role installed. By configuring that solution and then configuring your SonicWall firewall to use RADIUS authentication for VPN clients via the same server running NPS, you are able to enforce MFA on new VPN connections.

While both of the vendor documents I've linked contain information on how to configure each piece of this solution separately, I am going to walk through the exact steps you need to take to implement the solutions so they fully work together.

While I will not be walking through how to configure any of these prerequisites, as there is plenty of information available on these topics, you should review them and confirm they are in place so you don't run into issues following the rest of this guide.

- Azure MFA deployed to users and licensed for its use (Azure AD Premium P1/P2 or EMS).
- Users are registered to use either the Authenticator app notifications or phone call MFA methods. This is necessary because the SonicWall VPN clients do not allow you to enter an MFA code, whether generated via TOTP or SMS.
- Windows Server 2012 or newer with the NPS role installed.
- On-premises AD that is syncing to Azure AD via Azure AD Connect.
- The NPS server is able to communicate with the URLs listed here via 80/443.

You must download and install the NPS extension on the servers that NPS will be configured on. If you are using multiple servers for redundancy, complete this process on each server. After installing using the executable, you will also need to run a script that configures a self-signed certificate and the public keys needed for AAD. Microsoft's documentation on this is good, and I suggest referencing it if you run into errors following these steps.

1. Download the NPS extension from here to the NPS server you will be installing it on.
2. Run the setup.exe file; if you have errors, confirm these prerequisite libraries are installed.
3. Launch PowerShell as an admin and browse to C:\Program Files\Microsoft\AzureMfa\Config.
4. cd "C:\Program Files\Microsoft\AzureMfa\Config"
5. Run the AzureMfaNpsExtnConfigSetup.ps1 script.
6. Sign into AAD with a global administrator account when prompted.
7. Provide your Tenant ID GUID when prompted. This can be found by logging into the Azure AD admin portal on the web and reviewing the Overview blade.

IMPORTANT – The self-signed certificate that gets created by running the script is valid for 2 years. After it expires, you will need to run the script again to generate a new certificate. Ensure after doing so you remove the expired certificate to prevent any potential issues.

Configure NPS

Configure your RADIUS clients

Create a new RADIUS client for your SonicWall and configure it, as shown in the following screenshots. This will need to be done on each server you configure NPS on.
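As an added example (written for this article, not code from the original post or from Microsoft), the PowerShell below turns the steps above into a repeatable check on each NPS server: it confirms the NPS role, reports the expiry of the extension's self-signed certificate, flags expired leftovers (deleting them only when you pass -RemoveExpired), and registers the SonicWall as a RADIUS client if it is missing. The certificate-subject match "OU=Microsoft NPS Extension", the parameter names and the 22-character minimum for the shared secret are my assumptions, not something the post states.

```powershell
# Added example: post-install checks for the NPS extension + SonicWall RADIUS client.
# Assumptions (not from the original post): the extension's self-signed certificate
# contains "OU=Microsoft NPS Extension" in its subject; the shared-secret length floor
# is my own choice; -RemoveExpired is opt-in so nothing is deleted silently.
param(
    [Parameter(Mandatory)] [string] $SonicWallAddress,   # firewall IP the RADIUS requests come from
    [Parameter(Mandatory)] [string] $SharedSecret,
    [string] $ClientName   = 'SonicWall-VPN',
    [int]    $WarnDays     = 60,
    [switch] $RemoveExpired
)

# 1. The NPS role must be present before the extension or a RADIUS client make sense.
if (-not (Get-WindowsFeature -Name NPAS).Installed) {
    throw 'NPS role (NPAS) is not installed on this server.'
}

# 2. Locate the certificate(s) created by AzureMfaNpsExtnConfigSetup.ps1.
$certs = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*OU=Microsoft NPS Extension*' }
if (-not $certs) { throw 'No NPS extension certificate found; run the setup script first.' }

$now = Get-Date
foreach ($c in ($certs | Sort-Object NotAfter -Descending)) {
    $daysLeft = [math]::Floor(($c.NotAfter - $now).TotalDays)
    if ($c.NotAfter -lt $now) {
        # Leftover from an earlier run: the post says to remove it after re-running the script.
        Write-Warning "Expired extension cert $($c.Thumbprint) (NotAfter $($c.NotAfter))."
        if ($RemoveExpired) { Remove-Item -Path $c.PSPath; Write-Host 'Removed.' }
    } elseif ($daysLeft -le $WarnDays) {
        Write-Warning "Extension cert $($c.Thumbprint) expires in $daysLeft days; re-run the script."
    } else {
        Write-Host "Extension cert $($c.Thumbprint) valid until $($c.NotAfter) ($daysLeft days left)."
    }
}

# 3. Register the SonicWall as a RADIUS client (idempotent). A long, per-client secret
#    limits the damage if one device's configuration is exposed.
if ($SharedSecret.Length -lt 22) { throw 'Shared secret too short; use 22+ characters.' }
$existing = Get-NpsRadiusClient | Where-Object { $_.Address -eq $SonicWallAddress }
if ($existing) {
    Write-Host "RADIUS client for $SonicWallAddress already exists: $($existing.Name)"
} else {
    New-NpsRadiusClient -Name $ClientName -Address $SonicWallAddress -SharedSecret $SharedSecret | Out-Null
    Write-Host "Created RADIUS client '$ClientName' for $SonicWallAddress."
}
```

Run it once per NPS server after the setup script, and again from a scheduled task so a certificate approaching its 2-year expiry is noticed before VPN logins start failing.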