- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-10-2022 03:14 PM
Hi All,
I would like to access Global Protect for myself using different profile to access one of our resources subnet 10.21.xx.xx.
I want to access without having to go through 2FA. Any idea for it? is it possible?
Do we need to create another gateway on the GP for a single user?
02-10-2022 05:38 PM - edited 02-16-2022 08:51 AM
Hi @isentric89 ,
Yes, you can have different authentication methods for different users.
You do not need a new gateway. With regard to access to resources, that is controlled in the security policy.
Thanks,
Tom
Edit: Thank you @aleksandar.astardzhiev for the feedback! I actually made this same mistake when doing this for a customer months ago, and forgot my lesson learned! I have corrected my steps above.
02-10-2022 05:38 PM - edited 02-16-2022 08:51 AM
Hi @isentric89 ,
Yes, you can have different authentication methods for different users.
You do not need a new gateway. With regard to access to resources, that is controlled in the security policy.
Thanks,
Tom
Edit: Thank you @aleksandar.astardzhiev for the feedback! I actually made this same mistake when doing this for a customer months ago, and forgot my lesson learned! I have corrected my steps above.
02-15-2022 11:39 PM
Hey @TomYoung ,
Will the GP falback to the second authentication schema, if the first one reject the the user?
I have used two authentication schema only for two different types of OS, so I got the impresion that GP will select auth schema based on the OS, top-to-bottom, but it reject the authentication it will not falback to the rest in the list.
I was thinking more like using authentication sequence
- Create auth sequenece and put the authentication profile without MFA first and second the auth profile with MFA
- Non-MFA profile can be configured with allow list as you suggested
- Use the Authentication Sequence as authentication schema for GlobalPortect Portal and Gateway authentication.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!