Multi-Factor Authentication for GlobalProtect

Reply
L7 Applicator

Multi-Factor Authentication for GlobalProtect

Hello All,

I know the documetnation states to use a certificate as one form of authentication or hte mult-factor. However has anyone out there setup different authentication profiles for their portal and gateway configs? I'm wondering if setting up say radius otp for one and ldap/AD for the other.

 

Thoughts?

L5 Sessionator

Re: Multi-Factor Authentication for GlobalProtect

Are you trying so say that One authentication profile will be Certificate but the other one will be RADIUS or LDAP?

L7 Applicator

Re: Multi-Factor Authentication for GlobalProtect

Sorry for not clarifying, but no. One method would be radius and the other would be ldap/AD.

L5 Sessionator

Re: Multi-Factor Authentication for GlobalProtect

I have tested the following and it worked perfect:

 

Portal authentication:

 

LDAP and client certificate

 

Gateway authentication:

 

RADIUS and client certificate

 

However I have not tested RADIUS with OTP but it should work. 

 

Please try and update us

 

Rate the helpful answer.

L7 Applicator

Re: Multi-Factor Authentication for GlobalProtect

Thanks for the verification! I also just did this and its working as designed :). It would be nice if PAN would ask for both credentials in the initial logon, similar to what CIsco AnyConnect does. I'll put it in as an enhancement request.

Highlighted
L3 Networker

Re: Multi-Factor Authentication for GlobalProtect

used duosecurity as MFA solution. its a bit of a hack to work with palo, with poor instructions and has limitations but once it works it does work smoothly.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!