Watchguard Authpoint great for adding MFA to your VPN logins.
Updated April 29, 2022

Watchguard Authpoint great for adding MFA to your VPN logins.

Ryhlen Schoeberl | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with WatchGuard AuthPoint

We use Watchguard Authpoint to enforce Multi-Form Authentication for all our VPN users when they are attempting to connect to the corporate VPN. It adds extra security for our remote workforce by requiring them to MFA every time their credentials are used to connect to the corporate VPN.
  • Integration with M365.
  • integration with a Radius Server.
  • managing user access.
  • Would like to see the road to have it be used for MFA applications for other products.
  • More in depth documentation on the capabilities of authpoint.
  • By adding MFA to vpn it has added security to VPN logins.
  • We can limit to allowed time for VPN in.
  • We can limit by geolocation as well.
Watchguard Authpoint worked the best for us as we had multiple WatchGuard firewalls and only 2 cisco ASA. If we wanted to use a different product we would have had to replace our corporate firewalls. Also, some of our users are not good with the command line so it just made sense to continue with WatchGuard so all our IT users can assist with supporting our end users.
We have benefitted greatly by not having to deploy another piece of hardware. It integrates with our current WatchGuard firewalls when the cloud feature is enabled on them. there are 2 options you can manage the firewalls on the device itself or in the cloud as well. For security, we manage all our WatchGuard firewalls on-prem with their GUI interfaces.
The users do say it is easy but they complain about the extra step when VPNing in. We have explained that it is for extra security so if their login gets compromised that someone cannot use it to VPN into the network as them without them hitting the approve button.
Our users are using m365 right now, and going from an on-prem setup with no SSO to m365 and everything using the same login our users are excited to not have to remember so many passwords. We are still moving things over to integrate our systems with SSO where they are capable but Watchguard authpoint has multiple SSO integrations that you can use so you can make the experience less cumbersome for your users.

Do you think WatchGuard AuthPoint delivers good value for the price?

Yes

Are you happy with WatchGuard AuthPoint's feature set?

Yes

Did WatchGuard AuthPoint live up to sales and marketing promises?

Yes

Did implementation of WatchGuard AuthPoint go as expected?

Yes

Would you buy WatchGuard AuthPoint again?

Yes

Nutanix AOS, Microsoft Endpoint Manager (Microsoft Intune + SCCM), Rapid7 InsightVM (Nexpose)
Authpoint is great for using in conjunction with your WatchGuard firewalls in order to add an extra layer of security to your user's VPN login requirements by requiring MFA upon login. I have only really used it for setting up MFA on VPN logins so I do not have any information on if it works with other firewall VPNs but I doubt it does.

Using WatchGuard AuthPoint

386 - Remote users use it to VPN in we have a license for 580 users as we are growing but not all users will be working remote.
5 - We have a couple people that have been working with watchguard for 7 years or more and 2 people that have only been working with watchguard for a couple months. the logging is easy to read so we can support our end users when they have issues.
  • MFA on VPN
  • Limit hours that users can VPN in.
  • Limit geolocation of IP address that people can connect to VPN from.
  • Might be able to lock down hours or location allowed to use authpoint in the future
We need to have mfa on our vpn so we will continue to renew as long as we use the watchguard firewalls

Evaluating WatchGuard AuthPoint and Competitors

  • Price
  • Product Usability
  • Prior Experience with the Product
The most important thing was it is the product that integrates with our firewalls to provide mfa requirement to vpn into our corporate network.
I would not really change anything. Everything went perfect for my testing and Authpoint integrates very easily with my watchguard firewalls

WatchGuard AuthPoint Implementation

IF you have conditional access enabled in your environment it may mess with the integration make sure you exclude Authpoint so it works properly
Change management was a minor issue with the implementation - There was some pushback from users for getting MFA turned on when using VPN but they got used to it very quickly
  • Only issues i has was testing first login, it was failing but it was my SSO blocking the attempt to connect because of a conditional access rule

WatchGuard AuthPoint Support

ProsCons
Quick Resolution
Good followup
Problems get solved
Kept well informed
No escalation required
Immediate help available
Support understands my problem
Support cares about my success
Quick Initial Response
Less knowledgeable
No we did not look at premium support for authpoint i do not know if it is even an option
i only had to contact 1 time during setup and we were able to resolve the issue on first call
whenever i have a support issue i usually get a response withing the first few hours unless i am down then i call and can talk to someone right away

Using WatchGuard AuthPoint

ProsCons
Like to use
Relatively simple
Easy to use
Technical support not required
Well integrated
Consistent
Quick to learn
Convenient
Feel confident using
Familiar
None
  • Integration with Azure
  • using the app to mfa on vpn
  • limiting access based on location, time of day, etc
  • i did not find anything cumbersome to use
I was able to setup and start testing in 1 day, there was an issue where when i approved the MFA it was not working, but when working with support (They were very responsive and fast to assist) it turns out that my conditional access policy was blocking it so i had to exclude the application from using mfa in my single sign on environment.
Yes - very easy and straight forward. I have users setting up the mobile app without any instructions except what the activation email provides.