Global Protect Client

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L3 Networker

Global Protect Client

Hi

I'm using radius (rsa) to authenticate GP users and can't get me head around the GP client configuration - specifically the section where you need to put a username and password. How can this be possible when the RSA token changes every minute?

Can someone shed some light on this please

Thanks

Rod

Highlighted
L3 Networker

I should follow up with the following:

I want to use the SSL functionality of the PA and not the full blown GP features. I'm trying to get the same functionality as the older netconnect client.

Thanks.

Rod

Highlighted
L3 Networker
Highlighted
L3 Networker

Hi

Sorry I should have been more specific.

Before we updated to 4.x we used net connect to connect to the PA using SSL VPN. We used our RSA tokens to authenticate. I already had RSA configured and working.

The problem we have is since moving to PA 4.x. The global connect client requires a username and password as part of it's configuration. My question is how can you put a password in this field when the RSA tokens changes every 60 seconds. its not viable.

How can users who are using RSA tokens and have a RSA radius profile set up on the PA for authenticaiton actually authenticate without having to put a token passcode into the global protect password every time they connecto the the PA?

Somethings missing and I can't figure it out....

Thanks

Rod

Highlighted
Not applicable

We are having this same issue with no apparent resolution for the issue. We are pushing through support to get some answer so we can move forward otherwise we will need to stay on the 4.0.x code base as we have a mandate from the outside for two-factor in remote access.

Highlighted
L3 Networker

I have not been using the globalconnect that much, but I am also aiming for using a 2factor authentication.

Right now I use the normal user/pass approach. So it dont work if you type in a new password in the globalconnect client before hitting the "connect" function?

Thanks

Highlighted
L0 Member

Has Anybody resolved this issue yet becasue I am in the same boat and our customers are not happy. Because of the auto authentication function we keep locking the OTP and the accounts which is very annoying and my customer is thinking of moving.

Highlighted
L2 Linker

I would recommend another solution for VPN personally, the RSA/GP solution is not enterprise ready to say the least.

My recommendation if you want to move with this LDPAP auth the portal, RSA the gateway

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!