https://live.paloaltonetworks.com/t5/general-topics/multi-factor-authentication-for-globalprotect/m-p/65115#M38928 <P>Thanks for the verification! I also just did this and its working as designed :). It would be nice if PAN would ask for both credentials in the initial logon, similar to what CIsco AnyConnect does. I'll put it in as an enhancement request.</P> Fri, 25 Sep 2015 15:43:56 GMT OtakarKlier 2015-09-25T15:43:56Z https://live.paloaltonetworks.com/t5/general-topics/multi-factor-authentication-for-globalprotect/m-p/65008#M38883 <P>Hello All,</P><P>I know the documetnation states to use a certificate as one form of authentication or hte mult-factor. However has anyone out there setup different authentication profiles for their portal and gateway configs? I'm wondering if setting up say radius otp for one and ldap/AD for the other.</P><P>&nbsp;</P><P>Thoughts?</P> Wed, 23 Sep 2015 15:48:30 GMT https://live.paloaltonetworks.com/t5/general-topics/multi-factor-authentication-for-globalprotect/m-p/65008#M38883 OtakarKlier 2015-09-23T15:48:30Z https://live.paloaltonetworks.com/t5/general-topics/multi-factor-authentication-for-globalprotect/m-p/65009#M38884 <P>Are you trying so say that One authentication profile will be Certificate but the other one will be RADIUS or LDAP?</P> Wed, 23 Sep 2015 15:56:20 GMT https://live.paloaltonetworks.com/t5/general-topics/multi-factor-authentication-for-globalprotect/m-p/65009#M38884 pankaku 2015-09-23T15:56:20Z https://live.paloaltonetworks.com/t5/general-topics/multi-factor-authentication-for-globalprotect/m-p/65010#M38885 <P>Sorry for not clarifying, but no. One method would be radius and the other would be ldap/AD.</P> Wed, 23 Sep 2015 15:57:37 GMT https://live.paloaltonetworks.com/t5/general-topics/multi-factor-authentication-for-globalprotect/m-p/65010#M38885 OtakarKlier 2015-09-23T15:57:37Z https://live.paloaltonetworks.com/t5/general-topics/multi-factor-authentication-for-globalprotect/m-p/65048#M38902 <P>I have tested the following and it worked perfect:</P><P>&nbsp;</P><P><STRONG>Portal authentication:</STRONG></P><P>&nbsp;</P><P>LDAP and client certificate</P><P>&nbsp;</P><P><STRONG>Gateway authentication:</STRONG></P><P>&nbsp;</P><P>RADIUS and client certificate</P><P>&nbsp;</P><P>However I have not tested RADIUS with OTP but it should work.&nbsp;</P><P>&nbsp;</P><P>Please try and update us</P><P>&nbsp;</P><P>Rate the helpful answer.</P> Thu, 24 Sep 2015 09:18:14 GMT https://live.paloaltonetworks.com/t5/general-topics/multi-factor-authentication-for-globalprotect/m-p/65048#M38902 pankaku 2015-09-24T09:18:14Z https://live.paloaltonetworks.com/t5/general-topics/multi-factor-authentication-for-globalprotect/m-p/65115#M38928 <P>Thanks for the verification! I also just did this and its working as designed :). It would be nice if PAN would ask for both credentials in the initial logon, similar to what CIsco AnyConnect does. I'll put it in as an enhancement request.</P> Fri, 25 Sep 2015 15:43:56 GMT https://live.paloaltonetworks.com/t5/general-topics/multi-factor-authentication-for-globalprotect/m-p/65115#M38928 OtakarKlier 2015-09-25T15:43:56Z https://live.paloaltonetworks.com/t5/general-topics/multi-factor-authentication-for-globalprotect/m-p/65126#M38935 <P>used duosecurity as MFA solution. its a bit of a hack to work with palo, with poor instructions and has limitations but once it works it does work smoothly.</P> Fri, 25 Sep 2015 21:03:38 GMT https://live.paloaltonetworks.com/t5/general-topics/multi-factor-authentication-for-globalprotect/m-p/65126#M38935 ulti 2015-09-25T21:03:38Z