
How to configure WatchGuard LDAP Authentication

This guide walks through configuring Active Directory (LDAP) authentication on a WatchGuard XDM, so that firewall policies can be tied to AD users and groups.


Before working on the WatchGuard itself, follow WatchGuard's installation instructions to install the WatchGuard Single Sign-On (SSO) Agent on a Domain Controller in Clientless Authorization mode.

With the Single Sign-On Agent in place, enable SSO with Active Directory on the WatchGuard:

  1. Select Authentication > Single Sign-On.
  2. Select the Enable Single Sign-On (SSO) with Active Directory check box.
    (Screenshot: the Authentication Single Sign-On page with SSO enabled)
  3. In the SSO Agent IP address text box, type the IP address of your SSO Agent.
  4. In the Cache data for text box, type or select the amount of time the SSO Agent caches data.

With SSO enabled, the next step is to add the Active Directory authentication server the XDM will query:

  1. Select Authentication > Servers.
  2. From the Server list, select Active Directory.
    (Screenshot: the Authentication Servers page with the Active Directory tab selected)
  3. Click Add.
  4. Change the following settings to reflect your environment:
    • Domain Name – the DNS name of your Active Directory domain.
    • Primary – the primary Domain Controller the XDM contacts for AD lookups, by DNS name or IP address. If you use a DNS name, the XDM must be configured with internal DNS servers that can resolve it.
    • Secondary (Optional) – a second Domain Controller for lookups, used only if the primary cannot be contacted.
    • Timeout – how long the XDM waits for an AD lookup to complete. Once the timeout expires, the lookup is treated as failed.
    • Search Base – the distinguished name (DN) at which the XDM starts its queries.

      Queries are recursive, so setting the Search Base to the domain root searches every container in the domain. A narrower base (for example a single OU) limits which accounts can authenticate and keeps lookups fast.
    • Group String – for Active Directory domains this is a fixed value; leave it at the default.
    • Searching User settings – the account and password the XDM binds with to search AD. These are only required if you change the Login Attribute from its default; in that case supply a valid AD user account and password. Use a dedicated, least-privilege account for this rather than an administrator, because the credentials are stored on the firewall.
    • Login Attribute – the AD attribute matched against the username a user supplies when authentication is requested. The default is sAMAccountName.
    • Dead Time – how long the XDM waits before retrying a Domain Controller it has marked inactive.
    • Enable LDAPS – forces the XDM to connect over LDAP with TLS on port 636. Without it the bind, including the user's password, crosses the network in cleartext on port 389, so enable LDAPS wherever your Domain Controllers have a server certificate installed, and make sure the XDM trusts the CA that issued it.
  5. Click Save once all of your settings are in place.

You are now able to create firewall rules that require Active Directory Authentication.
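As an added check, not part of the original article or of WatchGuard's own tooling, the following POSIX shell script reproduces from an admin host the lookups the XDM will make, so you can validate the Search Base, Login Attribute, Searching User credentials and LDAPS reachability before saving them on the firewall. It needs ldapsearch (ldap-utils) and openssl; every hostname, domain, account and user name in it is an assumption to replace with your own.

```shell
#!/bin/sh
# Added example, not from the original article or from WatchGuard.
# Confirms the values you are about to enter on the XDM: the Search Base
# derived from the domain name, the Login Attribute lookup, and whether the
# Domain Controller answers LDAPS on 636 with a certificate you recognise.
# Hostnames, domain, bind account and user below are assumptions.

# Turn an AD domain name into the Search Base DN the firewall expects,
# e.g. corp.example.com -> DC=corp,DC=example,DC=com
domain_to_base_dn() {
    _dn=""
    _saved_ifs=$IFS
    IFS='.'
    set -- $1
    IFS=$_saved_ifs
    for _label in "$@"; do
        _dn="${_dn:+$_dn,}DC=$_label"
    done
    printf '%s\n' "$_dn"
}

# LDAP filter matching a user by the firewall's Login Attribute
# (default sAMAccountName). Pass a second argument to test another attribute.
user_filter() {
    printf '(&(objectClass=user)(%s=%s))\n' "${2:-sAMAccountName}" "$1"
}

# LDAP URI for the two modes in the article: plain LDAP on 389 or LDAPS on 636.
ldap_uri() {
    if [ "${2:-no}" = "yes" ]; then
        printf 'ldaps://%s:636\n' "$1"
    else
        printf 'ldap://%s:389\n' "$1"
    fi
}

# Perform the lookup the XDM will perform, binding as the Searching User.
# memberOf is returned so you can confirm group membership resolves for rules.
check_user_lookup() {
    _host=$1 _domain=$2 _bind_dn=$3 _bind_pw=$4 _user=$5 _ldaps=${6:-yes}
    ldapsearch -x -LLL \
        -H "$(ldap_uri "$_host" "$_ldaps")" \
        -D "$_bind_dn" -w "$_bind_pw" \
        -b "$(domain_to_base_dn "$_domain")" \
        "$(user_filter "$_user")" sAMAccountName memberOf
}

# Show the certificate the DC presents on 636 so you can check it chains to a
# CA the firewall trusts before turning on Enable LDAPS.
check_ldaps_cert() {
    openssl s_client -connect "$1:636" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -subject -issuer -dates
}

# The network checks only run when DC_HOST is set, e.g. (assumed names):
#   DC_HOST=dc1.corp.example.com AD_DOMAIN=corp.example.com \
#   BIND_DN='CN=svc-watchguard,OU=Service Accounts,DC=corp,DC=example,DC=com' \
#   BIND_PW='...' TEST_USER=jdoe sh check-ad.sh
if [ -n "${DC_HOST:-}" ]; then
    check_ldaps_cert "$DC_HOST"
    check_user_lookup "$DC_HOST" "$AD_DOMAIN" "$BIND_DN" "$BIND_PW" "$TEST_USER"
fi
```

If the lookup works with ldaps:// but fails with ldap://, the Domain Controller is refusing unsigned binds and Enable LDAPS is mandatory; if the LDAPS check shows an issuer the XDM does not trust, import that CA on the firewall before switching the server to LDAPS.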
