On the PAN 5020 I can see in logging that user successfully authenticates with MFA and radius but within a second it says the user has logged off. I know that in fact the user did not log off. I hope to grab some logs at the client next week. But I figured I'd ask the hive mind if anyone has ever seen this symptom and what they found. Thanks.
Are they using “one time passcodes”
if so then the portal will auth ok but GP will re-use the passcode for gateway and radius will reject.
If so you need to configure authentication overide to generate cookies.
Or.... perhaps the assigned ip for GP is within the same subnet as the client ip. If so then you will need to add a second ip range to your pool.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!