https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-multiple-auth-failed/m-p/548606#M4192 <P>My GP is only using local database authentication.</P> <P>My goal was for a small group to have access to specific resources and the everyone else to have access to much narrower resources.</P> <P>I created 2 Authentication Profiles:&nbsp; 1 with the limited members and the other with everyone else.&nbsp; The one with limited members I created a local User Group and used that in the Auth profile.&nbsp; The other Auth Profile I just added all the other local users directly.</P> <P>&nbsp;</P> <P>What I tried was in both the Portal and Gateway was to create 2 Auths under Portal&gt; Agent and under Gateway &gt; Agent &gt; Client settings.&nbsp; I set the order so the limited group Auth came first specifying the local User Group and then a 2nd Auth with the Users set to any.</P> <P>&nbsp;</P> <P>Per the logs, the Portal authenticated just fine.&nbsp; The issue was at the Gateway where authentication was failing.</P> <P>Under Monitor &gt; Global Protect the log was showing gateway authentication was failing with "Authentication failed:&nbsp; invalid username or password".&nbsp; We did verify that the correct username and password was being used.</P> <P>&nbsp;</P> <P>In an effort to get things working I ended up creating and Authentication sequence, removed the second Auth from both the Portal and the Gateway and then it all started working correctly.&nbsp; It's just not what I wanted.&nbsp; I had to "fix" it by using Security Policies to limit who had access to what.</P> <P>&nbsp;</P> <P>I checked the documentation and forums and couldn't find anything on my situation.&nbsp; AFAIK I was setting this up and using it as intended.&nbsp; Again, Portal auth worked fine but it failed at the Gateway.</P> <P>&nbsp;</P> <P>Anyone can shed some light?</P> <P>&nbsp;</P> <P>Thanks</P> Fri, 07 Jul 2023 18:02:19 GMT CafNetMatt 2023-07-07T18:02:19Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-multiple-auth-failed/m-p/548606#M4192 <P>My GP is only using local database authentication.</P> <P>My goal was for a small group to have access to specific resources and the everyone else to have access to much narrower resources.</P> <P>I created 2 Authentication Profiles:&nbsp; 1 with the limited members and the other with everyone else.&nbsp; The one with limited members I created a local User Group and used that in the Auth profile.&nbsp; The other Auth Profile I just added all the other local users directly.</P> <P>&nbsp;</P> <P>What I tried was in both the Portal and Gateway was to create 2 Auths under Portal&gt; Agent and under Gateway &gt; Agent &gt; Client settings.&nbsp; I set the order so the limited group Auth came first specifying the local User Group and then a 2nd Auth with the Users set to any.</P> <P>&nbsp;</P> <P>Per the logs, the Portal authenticated just fine.&nbsp; The issue was at the Gateway where authentication was failing.</P> <P>Under Monitor &gt; Global Protect the log was showing gateway authentication was failing with "Authentication failed:&nbsp; invalid username or password".&nbsp; We did verify that the correct username and password was being used.</P> <P>&nbsp;</P> <P>In an effort to get things working I ended up creating and Authentication sequence, removed the second Auth from both the Portal and the Gateway and then it all started working correctly.&nbsp; It's just not what I wanted.&nbsp; I had to "fix" it by using Security Policies to limit who had access to what.</P> <P>&nbsp;</P> <P>I checked the documentation and forums and couldn't find anything on my situation.&nbsp; AFAIK I was setting this up and using it as intended.&nbsp; Again, Portal auth worked fine but it failed at the Gateway.</P> <P>&nbsp;</P> <P>Anyone can shed some light?</P> <P>&nbsp;</P> <P>Thanks</P> Fri, 07 Jul 2023 18:02:19 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-multiple-auth-failed/m-p/548606#M4192 CafNetMatt 2023-07-07T18:02:19Z