I'm looking at moving off Sonicwall NSA 3600 and onto a PAN appliance. One factor is that I'm currently using Sonicwall's VPN functionality which has some simple, built-in MFA in the form of TOPT codes that the user must put in each time they connect to the VPN. Its not dependent on any other service so its kind of nice that way. I was just wondering what PAN has in the form of MFA on VPN?
Yeah, the PA has a few built in MFA vendor connectors: DUO, Okta, PingID, and RSA SecureID. Additionally you can use a user/pass auth connection to an authentication server that issues MFA itself, via: Radius, TACACS, LDAP, Kerberos, or SAML.
In our case the PA does a Radius auth request to an inhouse DUO server, which authenticates user/pass against our AD and then sends the MFA code through a third party server. When the MFA succeeds the Radius returns a permit response. We are going to be moving to an Azure MFA and, although it isn't setup yet, I believe it will just be changing the auth profile to use a SAML connection and cert to Azure and receiving back the permit/deny response.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!