Cisco Anyconnect Pfsense

The Cisco $35K solution was going to perform at 400M/s (max, slower with any form of IPS) and our pfSense is yielding 800M/s with AV and some light IPS enabled - CPU runs nicely at 8-10% (then again it's a VM running on a XEON Quad-core with 16GB of RAM.) And, the pfSense config for the ACLs/Routing is so much easier to manage than the PIX/ASA.

OpenConnect is an SSL VPN client initially created to support Cisco's AnyConnect SSL VPN. It has since been ported to support the Juniper SSL VPN, which is now known as Pulse Connect Secure. Palo Alto's GlobalProtect will also be supported in future, as well as OpenConnect's own server.

The VPN reporting capability of Firewall Analyzer supports both Remote Host VPNs (PPTP, L2TP, and IPSEC) and Site-to-Site VPNs from vendors like Cisco, SonicWALL, WatchGuard, NetScreen, and others. VPN Reports give detailed statistics on VPN usage, thus Firewall Analyzer acts as a VPN Monitor. VPN usage reports include drill down.

Azure Multi-Factor Authentication Server (Azure MFA Server) can be used to seamlessly connect with various third-party VPN solutions. This article focuses on Cisco® ASA VPN appliance, Citrix NetScaler SSL VPN appliance, and the Juniper Networks Secure Access/Pulse Secure Connect Secure SSL VPN appliance. We created configuration guides to address these three common appliances. Azure MFA Server can also integrate with most other systems that use RADIUS, LDAP, IIS, or claims-based authentication to AD FS. You can find more details in Azure MFA Server configurations.

Important

As of July 1, 2019, Microsoft no longer offers MFA Server for new deployments. New customers that want to require multi-factor authentication (MFA) during sign-in events should use cloud-based Azure AD Multi-Factor Authentication.

To get started with cloud-based MFA, see Tutorial: Secure user sign-in events with Azure AD Multi-Factor Authentication.

If you use cloud-based MFA, see Integrate your VPN infrastructure with Azure MFA.

Existing customers that activated MFA Server before July 1, 2019 can download the latest version, future updates, and generate activation credentials as usual.

Cisco ASA VPN appliance and Azure MFA Server

Azure MFA Server integrates with your Cisco® ASA VPN appliance to provide additional security for Cisco AnyConnect® VPN logins and portal access. You can use either the LDAP or RADIUS protocol. Select one of the following to download the detailed step-by-step configuration guides.

| Configuration Guide | Description |
| --- | --- |
| Cisco ASA with Anyconnect VPN and Azure MFA Configuration for LDAP | Integrate your Cisco ASA VPN appliance with Azure MFA using LDAP |
| Cisco ASA with Anyconnect VPN and Azure MFA Configuration for RADIUS | Integrate your Cisco ASA VPN appliance with Azure MFA using RADIUS |

Citrix NetScaler SSL VPN and Azure MFA Server

Azure MFA Server integrates with your Citrix NetScaler SSL VPN appliance to provide additional security for Citrix NetScaler SSL VPN logins and portal access. You can use either the LDAP or RADIUS protocol. Select one of the following to download the detailed step-by-step configuration guides.

| Configuration Guide | Description |
| --- | --- |
| Citrix NetScaler SSL VPN and Azure MFA Configuration for LDAP | Integrate your Citrix NetScaler SSL VPN appliance with Azure MFA using LDAP |
| Citrix NetScaler SSL VPN and Azure MFA Configuration for RADIUS | Integrate your Citrix NetScaler SSL VPN appliance with Azure MFA using RADIUS |

Juniper/Pulse Secure SSL VPN appliance and Azure MFA Server

Azure MFA Server integrates with your Juniper/Pulse Secure SSL VPN appliance to provide additional security for Juniper/Pulse Secure SSL VPN logins and portal access. You can use either the LDAP or RADIUS protocol. Select one of the following to download the detailed step-by-step configuration guides.

| Configuration Guide | Description |
| --- | --- |
| Juniper/Pulse Secure SSL VPN and Azure MFA Configuration for LDAP | Integrate your Juniper/Pulse Secure SSL VPN appliance with Azure MFA using LDAP |
| Juniper/Pulse Secure SSL VPN and Azure MFA Configuration for RADIUS | Integrate your Juniper/Pulse Secure SSL VPN appliance with Azure MFA using RADIUS |

Next steps