Manage and Secure Remote Access to pfSense – Security Boulevard

Work from anywhere isn’t restricted to employees at small to medium-sized enterprises (SMEs). Many IT teams and managed service providers (MSPs) work in distributed teams, which necessitates securing access to network infrastructure and closely managing user identities. However, these foundational security controls are too often neglected when internal budgets, or reluctance to ask a client to spend more on remote access, leave the potential security risks unaddressed.

This article is part of a series of how-tos that demonstrate how to use JumpCloud’s capabilities to achieve better security at minimal cost, using a centralized platform that includes everything required to secure access to your network. It has the added bonus of providing single sign-on (SSO) beyond this scenario, delivering identity and access management (IAM) for every service your organization may use, and eliminating the need to manage passwords everywhere.

pfSense is a popular open source firewall and router that provides multiple interfaces for external authentication, even multi-factor authentication (MFA) through RADIUS. The prerequisites to secure access to pfSense using MFA through JumpCloud’s services are:

  • JumpCloud’s RADIUS services
  • JumpCloud’s MFA services
  • JumpCloud’s cloud directory groups, with specific settings outlined below

Using MFA and RADIUS for Access Control

JumpCloud makes it possible for a RADIUS challenge to incorporate TOTP tokens, using the JumpCloud Protect™ multi-factor authentication app. User passwords are amended to include a token every time a user logs into the appliance. Users are managed from within JumpCloud’s directory groups, which are bound with a RADIUS configuration that’s specific to pfSense. Our directory determines that every user within that group must be enrolled with MFA services to log into any service that JumpCloud connects them to, including pfSense. A user group account within pfSense determines what level of admin rights are assigned.
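To make the "password amended with a token" flow concrete, here is an added sketch (not JumpCloud's or pfSense's code) of how a RADIUS backend could validate a single password field that carries both factors. The comma separator, the PBKDF2 password store, the function names and the sample secret are assumptions of this example.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP; TOTP (RFC 6238) sets counter = unix_time // step."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumed password store for this sketch: salted PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def split_credential(field: str, digits: int = 6):
    """Split 'password,token'. The ',' separator is an assumption of this sketch."""
    # Split on the LAST comma so passwords that contain commas still work.
    password, sep, token = field.rpartition(",")
    if not sep or len(token) != digits or not (token.isascii() and token.isdigit()):
        return None
    return password, token

def verify(field, pw_hash, salt, secret, now, step=30, window=1) -> bool:
    """Accept only if BOTH the password and a TOTP within +/- window steps match."""
    parts = split_credential(field)
    if parts is None:
        return False  # no token supplied: fail closed, never fall back to password-only
    password, token = parts
    pw_ok = hmac.compare_digest(hash_password(password, salt), pw_hash)
    base = int(now) // step
    tok_ok = False
    for counter in range(max(0, base - window), base + window + 1):
        # Constant-time compare, and no early exit across the window.
        tok_ok |= hmac.compare_digest(hotp(secret, counter), token)
    return pw_ok and tok_ok

# Constructed sample data: RFC 4226/6238 test secret and a made-up password.
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
PW_HASH = hash_password("correct,horse", SALT)

if __name__ == "__main__":
    field = "correct,horse," + hotp(SECRET, 59 // 30)
    print(verify(field, PW_HASH, SALT, SECRET, now=59))
```

A production verifier would also record the last accepted time step per user and reject a token from that step or earlier, so a captured credential cannot be replayed inside the acceptance window.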

Setting Up JumpCloud RADIUS, MFA

Every JumpCloud account includes RADIUS services, which are configured using the following steps.

To configure RADIUS, MFA for a new server:

  1. Log in to the JumpCloud Admin Portal:
  2. Go to User Authentication > RADIUS.
  3. Click ( + ). The new RADIUS server panel appears.
  4. Configure the (Read more…)