Manage and secure remote access to pfSense


Working from anywhere is not limited to employees of small and medium-sized enterprises (SMEs). Many IT teams and managed service providers (MSPs) also work in distributed teams, which requires securing access to network infrastructure and tightly managing user identities. However, these fundamental security controls are too often neglected when internal budgets, or asking a customer to spend more on remote access, fall short of addressing potential security risks.

This article is part of a series of tutorials that show how to use JumpCloud's capabilities to achieve better security at minimal cost, using a centralized platform that includes everything needed to secure access to your network. It has the added benefit of providing single sign-on (SSO) beyond this scenario, providing identity and access management (IAM) for every service your organization may use, and eliminating password management.

pfSense is a popular open-source firewall and router that provides several interfaces for external authentication, including multi-factor authentication (MFA) via RADIUS. The prerequisites for securing access to pfSense using MFA via JumpCloud services are:

  • JumpCloud RADIUS Services
  • JumpCloud MFA Services
  • JumpCloud cloud directory groups, with specific settings described below

Using MFA and RADIUS for Access Control

JumpCloud enables a RADIUS challenge to incorporate TOTP tokens, using the JumpCloud Protect™ multi-factor authentication app. The user's password is modified to include a token each time the user logs in to the appliance. Users are managed from JumpCloud directory groups, which are tied to a pfSense-specific RADIUS configuration. Our directory determines that every member of that group must be enrolled in MFA services to connect to any service JumpCloud connects them to, including pfSense. A user group account in pfSense determines the level of administrator rights assigned.
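The combined password-plus-token check described above, sketched as an added example (not from the original article and not JumpCloud's code). The comma separator, the function names, the PBKDF2 password store and the replay set are assumptions of this example; the TOTP routine follows RFC 6238 with HMAC-SHA1.

```python
import hashlib
import hmac
import struct

SALT = b"constructed-salt"  # constructed sample value

def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP for the time step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def split_credential(field: str, digits: int = 6):
    """Split 'password,token' on the last comma (separator is an assumption)."""
    password, sep, token = field.rpartition(",")
    if not sep or len(token) != digits or not (token.isascii() and token.isdigit()):
        return None
    return password, token

def verify_login(field, stored_hash, secret, now, used_steps, step=30, drift=1):
    """True only if the password matches and the token is valid and unused."""
    parts = split_credential(field)
    if parts is None:
        return False  # no token present: never fall back to password-only
    password, token = parts
    pw_ok = hmac.compare_digest(hash_password(password), stored_hash)
    matched = None
    for delta in range(-drift, drift + 1):  # tolerate one step of clock drift
        t = now + delta * step
        if hmac.compare_digest(totp(secret, t, step), token):
            matched = t // step
    if not pw_ok or matched is None or matched in used_steps:
        return False
    used_steps.add(matched)  # a token is accepted once per time step
    return True

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret
    stored = hash_password("hunter2")  # constructed sample password
    seen = set()
    print(verify_login("hunter2," + totp(secret, 59), stored, secret, 59, seen))
    print(verify_login("hunter2", stored, secret, 59, seen))
```
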

Configuring JumpCloud RADIUS, MFA

Each JumpCloud account includes RADIUS services, which are configured using the following steps.

To configure RADIUS, MFA for a new server:

  1. Log in to the JumpCloud admin portal: https://console.jumpcloud.com/login.
  2. Navigate to User Authentication > RADIUS.
  3. Click (+). The new RADIUS server panel appears.
  4. Configure the (Read more…)