03-07-2018 01:33 PM
I'm working on setting this up, however when the popup box appears on the laptop wanting me to click on the link for additional authentication I am brought to a webpage saying the connection has timed out. Now the url is going after <ip address>:6081. If I do a port scan against the IP address I do not see it listening on port 6081. I have wide open access to the backend IP address.
Any suggestions?
03-07-2018 02:10 PM
Are you being directed towards your MFA source or are you being directed to the firewall?
03-08-2018 05:58 AM
I am being directed to the interface IP that I have setup on the External GlobalProtect Gateway as shown on the diagram. That IP address I have setup on the Captive Portal config (redirect section) of our device that is shown as the MFA Gateway on the diagram.
03-10-2018 07:54 AM - edited 03-10-2018 07:56 AM
I'm faily certain that based on what you described it sounds like you're being directed back to your firewall, as you should, to enforce your MFA requirements.
It's kinda weird to see, but Palo appends your destination site, with specific syntax / port usage to enforce cetain policies like MFA / 'Click to Continue' URL options.
--Edit--
So the IP that you're seeing in the URL bar is really your desitination IP address, and the port your're also seeing (6081) is actually being refrenced to your firewall not the port actually being opened on the destination IP address.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
