GlobalProtect Portal with DUO and LocalUser Scenario (without AD)

L1 Bithead

Good day!

Who knows and can help:

Is there a working scenario with NGFW PA-220, LocalUser, GlobalProtect and Duo 2FA (without AD, RADIUS, LDAP etc.) for a small user group (like 10 VPN members)?

I believe there is a very simple way, but I didn't find information about it or a configuration example.

 

https://community.duo.com/t/paloalto-globalprotect-portal-with-duo-and-localuser-scenario-without-ad...

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/authentication/configure-multi-factor-auth...

https://help.duo.com/s/article/4254?language=en_US

https://www.reddit.com/r/paloaltonetworks/comments/9uq5os/globalprotect_and_duo_native_mfa/

 

Thanks.

Accepted Solutions

L6 Presenter

Duo can't be used for MFA for local users of Palo Alto GlobalProtect. It seems to be a limitation of PA devices. We tried the same in the past in our environment and the engineer said it's not possible. Even Duo has one article on it.

 

https://help.duo.com/s/article/2322?language=en_US

 

The Duo MFA solution for Captive Portal of Palo Alto will work with a local database, but I think it will not fulfill your use case.

 

Hope it helps!

Mayur

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks
