topic Re: Global Protect user authentication in General Topics

Global Protect user authentication

bobby549049 — Mon, 11 Jun 2012 04:56:13 GMT

It seems that Global Protect will send user authentication request twice per logon.

I setup a lab and the backend authentication server is RADIUS Server, and I find there will be two access request per logon.

Is it correct? Is there any parameters I can configuration to make it send one authentication request?

Regards, Bobby

BrutalDismount — Mon, 11 Jun 2012 12:50:31 GMT

Perhaps it is one authentication for the portal and one for the gateway? That is what I see in my Globalprotect environment.

bobby549049 — Mon, 11 Jun 2012 13:53:07 GMT

Hi timshannon,

Thanks for your reply.

I don't know if there are some parameters/configuration I can modify to make it authenticate once per logon.

In fact, I met a trouble about it (twice authentication per logon).

A client needs strong authentication for user access and OTP is necessary for them.

But they cannot understand why they need to input two password....

The input password will be "AD'password + OTP" and "AD's password + another OTP"

Does anybody have good idea to convince customer that the Disign is reasonable if there is no parameters/configuation I can modify?

Not only official declaration but distributor/reseller point view is appreciated.

Regards, Bobby

bobby549049 — Fri, 15 Jun 2012 05:19:34 GMT

Hi timshannon,

Thanks for your reply. You are correct.

I forgot that both of Portal and Gateway needing authentication and can use different authentiation profiles.

Regards, Bobby