topic Several client authentication in a Gateway in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/several-client-authentication-in-a-gateway/m-p/540032#M3975 <P>Hi,</P> <P>we have a PA-850 running 10.1.8 firmware.</P> <P>We currently use GlobalProtect VPN using Symantec VIP authentication via RADIUS.</P> <P>We want to progressively migrate the authentication to Azure AD MFA (already synced with all accounts). I was wondering if I could simply add the new client authentication to the list and use it as a fall back authentication method.</P> <P>My approach was to remove user accounts one by one from Symantec Database. Then, the user opens global protect which first tries to authenticate against Symantec and after the failure falls back to Azure AD.</P> <P>is this the expected behaviour? Nothing is mentioned in the documentation&nbsp;<BR /><A href="https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-gateways/configure-a-globalprotect-gateway" target="_blank">https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-gateways/configure-a-globalprotect-gateway</A></P> <P>&nbsp;</P> <P>many thanks</P> Tue, 25 Apr 2023 08:29:09 GMT JoseCortijo 2023-04-25T08:29:09Z Several client authentication in a Gateway https://live.paloaltonetworks.com/t5/globalprotect-discussions/several-client-authentication-in-a-gateway/m-p/540032#M3975 <P>Hi,</P> <P>we have a PA-850 running 10.1.8 firmware.</P> <P>We currently use GlobalProtect VPN using Symantec VIP authentication via RADIUS.</P> <P>We want to progressively migrate the authentication to Azure AD MFA (already synced with all accounts). I was wondering if I could simply add the new client authentication to the list and use it as a fall back authentication method.</P> <P>My approach was to remove user accounts one by one from Symantec Database. Then, the user opens global protect which first tries to authenticate against Symantec and after the failure falls back to Azure AD.</P> <P>is this the expected behaviour? Nothing is mentioned in the documentation&nbsp;<BR /><A href="https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-gateways/configure-a-globalprotect-gateway" target="_blank">https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-gateways/configure-a-globalprotect-gateway</A></P> <P>&nbsp;</P> <P>many thanks</P> Tue, 25 Apr 2023 08:29:09 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/several-client-authentication-in-a-gateway/m-p/540032#M3975 JoseCortijo 2023-04-25T08:29:09Z