GlobalProtect Portal with DUO and LocalUser Scenario (without AD)


Good day!

Who knows and can help?

Is there a working scenario with an NGFW PA-220, LocalUser, GlobalProtect and Duo 2FA (without AD, RADIUS, LDAP etc.) for a small user group (like 10 VPN members)?

I believe it is a very simple setup, but I didn't find any information about it or a configuration example.

https://community.duo.com/t/paloalto-globalprotect-portal-with-duo-and-localuser-scenario-without-ad...

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/authentication/configure-multi-factor-auth...

https://help.duo.com/s/article/4254?language=en_US

https://www.reddit.com/r/paloaltonetworks/comments/9uq5os/globalprotect_and_duo_native_mfa/

Thanks.


Accepted Solutions

Duo can't be used for MFA for local users of Palo Alto GlobalProtect. It seems to be a limitation of PA devices. We tried the same in the past in our environment and the engineer said it's not possible. Even Duo has an article on it.

https://help.duo.com/s/article/2322?language=en_US

The Duo MFA solution for Captive Portal of Palo Alto will work with a local database, but I think it will not fulfill your use case.

Hope it helps!

Mayur


