GlobalProtect to Facilitate Multi-Factor Authentication Notifications

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect to Facilitate Multi-Factor Authentication Notifications

L2 Linker

I'm working on setting this up, however when the popup box appears on the laptop wanting me to click on the link for additional authentication I am brought to a webpage saying the connection has timed out. Now the url is going after <ip address>:6081. If I do a port scan against the IP address I do not see it listening on port 6081. I have wide open access to the backend IP address.

 

Any suggestions?

4 REPLIES 4

L2 Linker

@zthiel,

Are you being directed towards your MFA source or are you being directed to the firewall? 

I am being directed to the interface IP that I have setup on the External GlobalProtect Gateway as shown on the diagram. That IP address I have setup on the Captive Portal config (redirect section) of our device that is shown as the MFA Gateway on the diagram.

I'm faily certain that based on what you described it sounds like you're being directed back to your firewall, as you should, to enforce your MFA requirements.

 

 

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/firewall-administration/reference-po...

 

It's kinda weird to see, but Palo appends your destination site, with specific syntax / port usage to enforce cetain policies like MFA / 'Click to Continue' URL options.

 

 

--Edit--

So the IP that you're seeing in the URL bar is really your desitination IP address, and the port your're also seeing (6081) is actually being refrenced to your firewall not the port actually being opened on the destination IP address.

  • 3140 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!