I want to know if it's possible to use two factor for a succeed authentication with GlobalProtect Client. I explain it.
In the configuration of GlobalProtect Client, you can define two method for the authentication of the clients (portals and gateways are the same configuration):
- Authentication Profile: you can define LDAP, Radius, local database
- Client Certificate profile: you put a specific certificate Root CA for the validation of the clients certificates
Is it possible to combine the two methods to validate the users for the authentication via Global Protect client ? With an another product like Juniper SecureAccess.
In the documentation, it's specified if you use the method "Client certificate profile" : In this SSL‐VPN configuration, we’re not using another form of authentication. We’re simply utilizing the client certificate to authenticate ssl‐vpn connections.
Thanks for your help the PaloAlto community
Based on the video at Strong authentication for Palo Alto Secure Access SSL VPN Solutions | Nordic Edge | The Provider of... I think it should somehow be possible (however they are using user/pass + OTP, from your description I think you want cert + user/pass).
Theres a technote also at Palo Alto Networks Integration till Nordic Edge One Time Password Server | Nordic Edge | Levererar ...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!