topic Re: Global Protect Agent as an EAP-TLS Supplicant in General Topics

Global Protect Agent as an EAP-TLS Supplicant

amansour — Wed, 21 Sep 2011 18:37:32 GMT

Hey All; For WI-FI Customers that want to perform EAP-TLS authentication is there any way we can use the global protect agent as a supplicant to a Wireless or Wired Access point? maybe taking their local credentials from Windows, then proxy the auth to a RADIUS server in the back-end through the firewall?

Re: Global Protect Agent as an EAP-TLS Supplicant

Bart_Jocque — Mon, 26 Sep 2011 07:01:53 GMT

No you can't.

A workarround would be to replace the wifi authentication with user-authentication on the PAN.

Re: Global Protect Agent as an EAP-TLS Supplicant

amansour — Tue, 11 Oct 2011 19:35:13 GMT

While you can't use it as a EAP-TLS supplicant. The agent can allow encrypted connections in with captive portal as you mentioned.

When you do use EAP-TLS and a certifiate or PEAP with Windows we did figure out a way to use the reporting from the wireless (Aruba/Cisco) into the accounting records as long as they used a RADIUS server.

Re: Global Protect Agent as an EAP-TLS Supplicant

amansour — Tue, 17 Jan 2012 19:00:25 GMT

We have modified our companion product to support this for anyone looking to authenticate over EAP-TLS with certifcates and put the identity into the Firewall we can support this integration. www.spyders.ca.