OTP 2FA OMG

Cyber Elite

With users working from home, sales reps needing to access backend systems, engineers updating systems on a customer's infrastructure and many more reasons for users not to be in an office, VPN has become extremely common in today's work environment. 

 

A security admin's task is to ensure all these connections are secure while not hindering people's ability to work. Ensuring a sufficiently secure encryption protocol is one thing (you don't want an MD5-3DES tunnel), but it doesn't stop there.

Even the most rigid encryption algorithms can easily be bypassed if the password that's used to establish the tunnel is guessed ('123456' and 'password' are still the most widely used passwords; has no one seen Hackers?).

 

Requiring users to remember 256-character long passwords, including wingdings characters, is also not an option. One solution is to introduce Multifactor Authentication where users add a PIN to their password or, even better, use only One Time Passwords (OTP) to authenticate to GlobalProtect.

 

Sivasekharan Rajasekaran (@srajasekar), a Senior Technical Engineer with Palo Alto Networks, wrote a really cool article on how to set up OTP-based 2FA using RADIUS or SAML, so you have full freedom of choice when picking which OTP provider suits your needs best.

 

You can read up on the implementation here:

GlobalProtect: One Time Password based Two Factor Authentication

 

 

Feel free to leave remarks or questions in the comments below.

 

Stay secure!

 

Reaper out!

5 Comments
L1 Bithead
The link is dead.
Cyber Elite

@LorenzoM it is not? Please try again! You may need to clear your browser cache or try a different browser.

L1 Bithead

The link I'm referring to is this one:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm8ICAS

 

It doesn't work in Chrome or Firefox (both normal and incognito/private mode) on two different PCs, but it does work on my mobile Chrome. Very weird! Thanks for the assist!

L7 Applicator

I have tested that link, and it does work. I defer to what @reaper said, please delete cookies and clear cache and try it again.

Cyber Elite
Since it works on your mobile, could you try some basic troubleshooting on your PCs? I would suspect an upstream firewall or ISP peering issue could be the culprit.