Showing results for 
Search instead for 
Did you mean: 

The Enhanced LIVEcommunity Experience is finally here! Learn all about it.

L7 Applicator

With users working from home, sales reps needing to access backend systems, engineers updating systems on a customer's infrastructure and many more reasons for users not to be in an office, VPN has become extremely common in today's work environment. 


A security admin's task is to ensure all these connections are secure while not hindering people's ability to work. Ensuring a sufficiently secure encryption protocol is one thing ,(you don't want an md5 - 3DES tunnel), but it doesn't stop there. 

Even the most rigid encryption algorythms can easily be bypassed if the password that's used to establish the tunnel is guessed ('123456' and 'password' are still the most widely used passwords, has no one seen Hackers?)


Requiring users to remember 256-character long passwords, including wingdings characters, is also not an option. One solution is to introduce Multifactor Authentication where users add a PIN to their password or, even better, use only One Time Passwords (OTP) to authenticate to GlobalProtect.


SivasekharanRajasekaran ( @srajasekar ), a Senior Technical Engineer with Palo Alto Networks, wrote a really cool article on how to set up OTP based 2FA using RADIUS or SAML so you have full freedom of choice when picking which OTP provider suits your needs best.


You can read up on the implementation here:

GlobalProtect: One Time Password based Two Factor Authentication



Feel free to leave remarks or questions in the comments below.


Stay secure!


Reaper out!

L1 Bithead
The link is dead.
L7 Applicator

@LorenzoM  it is not? Please try again! You may need to clear your browser cache or try a different browser

L1 Bithead

The link I'm referring to is this one:




It doesn't work in Chrome or Firefox (both normal and incognito/private mode) on two different PCs, but it does work on my mobile Chrome. Very weird! Thanks for the assist!

Community Team Member

I have tested that link, and it does work. I defer to what @reaper said, please delete cookies and clear cache and try it again.

L7 Applicator
Since it works on your mobile, could you try some basic troubleshooting on your PCs? I would suspect an upstream firewall or ISP peering issue could be the culprit
Register or Sign-in
About the Author
I drink and I know things
Top Liked Authors