MFA on PAN-OS Firewall (okta integrated) redirects on GP instead of browser for HTTP resources.

dramchandani — Mon, 25 Sep 2023 21:06:34 GMT

I have MFA deployed on the firewall ( okta integrated), based on implementation if user is accessing http/https based resources then redirect will happen in Browser however, for non-http applications MFA will prompt on GP client App,

Please note port 4501 added into the system's firewall rule.

I have an issue where users are seeing some inconsistency in prompt, some users are seeing the redirect on the browser but intermittently on GP The users are hitting to single auth policy in the firewall. it is very intermittent prompt on GP , can't able to reproduce the issue at will

Appreciate if someone can assist what to debug in this? what configuration option that needs to be take care to get the HTTP redirects on browser?

topic MFA on PAN-OS Firewall (okta integrated) redirects on GP instead of browser for HTTP resources. in GlobalProtect Discussions

MFA on PAN-OS Firewall (okta integrated) redirects on GP instead of browser for HTTP resources.