WatchGuard Support Center

Knowledge Base - Article

 WatchGuard LDAP compatibility with updated Windows security options in March 2020


In March 2020, Microsoft will update all Windows systems to increase security for Active Directory/LDAP authentication. To learn more, see 2020 LDAP channel binding and LDAP signing requirement for Windows.

WatchGuard recommends that you use TLS for Active Directory and LDAP authentication. With this change, it will be mandatory for Windows authentication.  For instructions, see Configure LDAP Authentication.

For AuthPoint, you must also enable LDAPS in your external identity configuration. To learn more, see Sync Users from Active Directory or LDAP

WatchGuard software compatibility with the 2020 LDAP channel binding and LDAP signing requirement:

Firebox AuthenticationSupported
Management ServerSupported
WatchGuard Authentication Gateway (SSO Agent)Supported

Note: The SSO Agent supports LDAPS on port 389; it does not currently support LDAPS on port 636. For more information, see