Originally, I was going to set up GP with RSA MFA using this document: "RSA SECURID® ACCESS Implementation Guide Palo Alto Networks Next Gen Firewall 8.0"
It is written by RSA and is woefully lacking in detail, and after seven hours on the phone with Palo support I decided to abandon that idea for now.
At this point I'd just like to get GP working in any capacity, but I can't seem to find any documentation that speaks to what I need. I understand that everyone's circumstances are different and documentation would be tough to write for every unique situation. That's why I'm hoping someone is willing to get out the coloring book and crayons to help walk me through this.
I'd like to have an external only VPN (just about every Google search comes up with either Internal only or internal/external combo setups). Portal and gateway on same device.
I'm fairly certain that my main issue is with step one, the configuration of the Interface. I'm trying to follow this: https://docs.paloaltonetworks.com/globalprotect/8-0/globalprotect-admin/get-started/create-interface... but clearly not having much luck.
Ethernet Internet setup like this:
Interface  Type  Mgt Profile  IP Address      VR   Security Zone
eth1/1     L3    Allow-ping   Routable.10/24  vr1  Outside
I have another routable.20/32 for GP.
What's the best way to get started? Remember, coloring book and crayons. You're not going to offend me.
I actually got it to work. I thought about what you said @MickBall and opted to give that (Radius) a go, but from the RSA Cloud Administration Console (CAC).
In case anyone ever comes across this post:
Here is how you configure the CAC for Radius:
From there, just follow the usual Palo Radius addition.
What this gives you is from :20 through minute 1:15 of this video: https://www.youtube.com/watch?v=765nH8if-9Q
Big thank you to Sean Martin from Palo Tech Support. He scheduled a call with me every day for like a week and a half until we worked through all the issues.