topic Re: VPN SSL Two factor authentication in General Topics

VPN SSL Two factor authentication

Anahaym — Thu, 20 Oct 2016 15:11:08 GMT

Hi,

i'm looking for a solution for VPN, that will support authentication in Active Directory and will support Two Factor authentication with OTP.

I read that GlobalProtect can provide me all features.

My questions:

is there any Palo Alto native VPN client or WEB client only ?

if there is native VPN client:

- does it support Windows 10 and OS X 10.11 ?

- does it support OTP ?

If i'll buy some Palo Alto router should i pay for each VPN connection?

Could you recommend me some Palo Alto router? Main feature - VPN. Nothing else matters

Re: VPN SSL Two factor authentication

BPry — Thu, 20 Oct 2016 17:07:18 GMT

Palo's VPN native client is GlobalProtect, it really depends on what OTP vendor you are using to determine if it will function with it. They don't have a Web only client, you would need to use GlobalProtect.

VPN functionality is free as long as you don't go past one Portal and one Gateway I believe that there is no user limit as long as your device can handle it.

Which firewall you should purchase is based on the number of clients; I would really read up on GlobalProtect on Palo Alto's main website to determine if this fits what you are looking to do.

Side Note: If the only thing you are doing is VPN on a Palo product and you aren't going to be using HIP checking, applicaiton ID, or any of the major Palo selling points I'm not sure why you would pick up a Palo product. Setting it to the side of your network and using it as a VPN only device you lose everything that makes Palo products worth the price. In this case I would probably recommend an actual VPN Appliance or a cheap ASA 5505 if it was going to be used only for VPN.

Re: VPN SSL Two factor authentication

Anahaym — Fri, 21 Oct 2016 07:56:32 GMT

Hi BPry,

thank you for your answer.

We will use DUO OTP. It supports GlobalProtect.

Yes, we are looking only for a VPN solution for 30-40 users. How musch does cost a cheaper Solution from Palo Alto?

A had been asking Cisco... they offer from 4000 $.

Re: VPN SSL Two factor authentication

BPry — Fri, 21 Oct 2016 14:47:25 GMT

The Cisco solution that they are selling you is likely way over sec. You shouldn't need anything more than a 5508 with less than 50 users depending on your throughput requirements for those users. With just a VPN appliance I would actually be looking at something that was stricktly an actual VPN appliance.