Sonicwall GVC RADIUS question

Posted by Scholar_Erasmus@reddit | sysadmin | View on Reddit | 2 comments

Hi all,

Junior sysadim here! I have received a request to set up MFA for our VPN. The problem is that we use Sonicwall GVC and cannot switch to NetExtender (our work software responds poorly to it).

Since GVC doesn't have native MFA support, I wanted to run my game plan by you all:

Set up Radius Server on our main file server via Windows NPS.
Config Radius in our Sonicwall to point towards said radius server.
Use a code based MFA app like Google Authenticator or Microsoft Authenticator. (Would I need push notification based MFA? If so, is there a free one?)

Is this a solid plan, or an I overlooking anything? I'm trying to handle this as cheaply as possible. Thanks in advance!

[-]

jmbpiano@reddit

Not free, but for push notification Duo is cheap ($3/user/month).

We've got almost the setup you're suggesting for our SonicWall*, except the RADIUS server is a Duo Authentication Proxy rather than the native Windows service.

* We do use NetExtender in our case, but I'm pretty sure doing auth via RADIUS works the same for SSLVPN as it does for GVC.

DarkAlman@reddit

Does GVC support SAML?

https://www.sonicwall.com/support/knowledge-base/how-to-configure-saml-for-sonicwall-firewall-administration-using-okta-as-idp/250429022151393

If it does you can integrate authentication and MFA from your Office 365 instance to the firewall.