The AuthPoint Gateway is a lightweight software application that you install on your network so that AuthPoint can communicate with your RADIUS clients, the AuthPoint agent for ADFS, and your Active Directory or LDAP database. The Gateway functions as a RADIUS server and is required for RADIUS authentication and to enable LDAP synced users to authenticate with SAML resources.
You can see the Gateway(s) you have configured on the Gateway page. There is a tile for each Gateway that shows you the version that is installed and the current status of the Gateway.
You can configure more than one Gateway on a network. For each primary Gateway that you configure, you can configure up to five secondary Gateways.
The primary Gateway synchronizes your LDAP users and enables RADIUS authentication and LDAP user authentication. This Gateway is the primary point of communication between AuthPoint and your RADIUS clients, the AuthPoint agent for ADFS, and your Active Directory or LDAP database.
You can configure secondary Gateways as a failover for LDAP user authentication. When your primary Gateway is not available, AuthPoint automatically sends LDAP user authentications through the secondary Gateway until the primary Gateway becomes available again.
You can also use secondary Gateways as a backup RADIUS server. The only limitation is that the third-party software or device that sends authentication requests to the Gateway must support the use of additional RADIUS servers.
You cannot use secondary Gateways for load balancing or LDAP user synchronization.
Before you install the Gateway, you must configure it in the AuthPoint management UI.
If you already have a RADIUS server installed that uses port 1812 or 1645, you must use a different port for the AuthPoint Gateway.
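A pre-install check for the port conflict described above, as an added example (not WatchGuard code). It assumes it is run on the host where the Gateway will be installed; the function names and the candidate ports 1813 and 11812 are hypothetical.

```python
import socket

# Ports the page names as the ones an existing RADIUS server may already hold.
STANDARD_RADIUS_PORTS = (1812, 1645)


def udp_port_available(port, host="0.0.0.0"):
    """Return True if a UDP socket can be bound to host:port right now.

    RADIUS runs over UDP, so a TCP connect test would miss the conflict.
    Any bind failure (address in use, access denied) counts as unavailable.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((host, port))
        return True
    except OSError:
        return False
    finally:
        sock.close()


def choose_gateway_port(candidates, standard=STANDARD_RADIUS_PORTS, host="0.0.0.0"):
    """Return (port, conflicts).

    conflicts lists the standard RADIUS ports that are already bound.
    port is the first candidate that is free, or None if none is.
    """
    conflicts = [p for p in standard if not udp_port_available(p, host)]
    for port in candidates:
        if udp_port_available(port, host):
            return port, conflicts
    return None, conflicts


if __name__ == "__main__":
    # Candidate list is constructed for illustration: the standard ports
    # first, then two hypothetical alternatives.
    port, conflicts = choose_gateway_port([1812, 1645, 1813, 11812])
    for p in conflicts:
        print(f"UDP {p} is already bound; do not assign it to the Gateway")
    print(f"Suggested Gateway RADIUS port: {port}")
```

The probe only sees sockets bound at the moment it runs, so run it while the existing RADIUS service is started.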
In the LDAP section, in the Select an LDAP provider list, select your LDAP or Active Directory server.
If you have more than one external identity on the same network, you can configure one primary Gateway to sync users from all of your external identities or you can configure multiple primary Gateways to sync users from each external identity.
The Gateway registration key is a one-time use key. If the installation of the Gateway fails, you must generate a new key to use for the installation.
For each primary Gateway, you can add up to five secondary Gateways. When you add a secondary Gateway, it inherits the properties and associations of the primary Gateway. When you edit the primary Gateway, those changes are also made to all secondary Gateways.
To add a secondary Gateway, your primary Gateway must be installed and must be version 5 or higher.
To add a secondary Gateway:
After you add a secondary Gateway, you must download and install another Gateway (version 5 or higher) on your network in a different location from the primary Gateway. The steps to install a secondary Gateway are the same as the steps to install a primary Gateway. To install a Gateway, see Download and Install the Gateway.
Secondary Gateways have their own registration keys used for the installation. When you install a secondary Gateway, make sure you use the correct registration key.
If you have configured one or more secondary Gateways, you can select a secondary Gateway to become the new primary Gateway used to sync LDAP users. The current primary Gateway becomes a secondary Gateway.
To change the primary Gateway, your secondary Gateway must be installed and connected to WatchGuard Cloud.
To change the primary Gateway:
The secondary Gateway becomes the primary Gateway and is used to synchronize users from your Active Directory or LDAP database.