Thanks. And to clarify if a user isn't defined as an Administrator or as a Captive Portal or GlobalProtect user either explicitly or as a group member, then authentication will fail with something like an "Authentication profile not found for the user" message in the system log? Simply selecting 'all' in the allow list does not grant everyone the ability to login to the firewall, correct?
Yes I think so...
I only say "think so" as i have never used any other option than "ALL". so i dont know what the system log would say... but i'm sure you have already seen this...
To allow all only means that all users can attempt to authenticate against this profile...
ok just tested the auth with a test profile without me in the allow list.
system log ...
failed authentication for user "Me" Reason: user is not in allow list. auth profile Radius Test.
I did a similar test and got a similar result.
AFAIK setting the allow list to 'all' and relying on authentication profiles is the cleanest way to go about provisioning permissions, but if I'm mistaken please let me know.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!