Enable SAML authentication for Remote Access VPN w...

SunilShivnani1 · ‎2024-08-02

I am working on deployment of new VPN Setup with SAML Authentication with PingID Idp. MDM and Gateways both are on R81.20.

To enable SAML authentication for Remote Access VPN, as per "R81.20 Remote Access VPN Administration Guide", step-4 link instructs to make few changes in Management Database via GuiDB tool on the concerned CMA. My question is about this step.

Q: If we have another Remote Access Setup in production in the same CMA which is using Radius Authentication for VPN users and we are not looking to touch this setup. Is above mentioned change via GuiDB Tool going to cause any impact?

Thanks.

PhoneBoy · ‎2024-08-02

Do the IdP users exist in LDAP?

SunilShivnani1 · ‎2024-08-02

Yes. IdP users exists in internal LDAP. These are the same users for whom we are deploying new VPN setup on another Firewall Cluster.

PhoneBoy · ‎2024-08-12

These changes appear to be specific to a security gateway/cluster.
Is RADIUS happening on the same gateway or a different one?

SunilShivnani1 · ‎2024-08-12

Yes, I noticed that the prior step mentions selecting the specific cluster, however I still wanted to ensure (to be on safer side) that those changes in "Fetch Option" parameters would not impact Radius happening with another cluster in this CMA.

PhoneBoy · ‎2024-08-12

It shouldn't since this change is specific to a given gateway/cluster.

Are you a member of CheckMates?

Enable SAML authentication for Remote Access VPN with PingID Idp