- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-23-2015 08:48 AM
Hello All,
I know the documetnation states to use a certificate as one form of authentication or hte mult-factor. However has anyone out there setup different authentication profiles for their portal and gateway configs? I'm wondering if setting up say radius otp for one and ldap/AD for the other.
Thoughts?
09-24-2015 02:18 AM
I have tested the following and it worked perfect:
Portal authentication:
LDAP and client certificate
Gateway authentication:
RADIUS and client certificate
However I have not tested RADIUS with OTP but it should work.
Please try and update us
Rate the helpful answer.
09-23-2015 08:56 AM
Are you trying so say that One authentication profile will be Certificate but the other one will be RADIUS or LDAP?
09-23-2015 08:57 AM
Sorry for not clarifying, but no. One method would be radius and the other would be ldap/AD.
09-24-2015 02:18 AM
I have tested the following and it worked perfect:
Portal authentication:
LDAP and client certificate
Gateway authentication:
RADIUS and client certificate
However I have not tested RADIUS with OTP but it should work.
Please try and update us
Rate the helpful answer.
09-25-2015 08:43 AM
Thanks for the verification! I also just did this and its working as designed :). It would be nice if PAN would ask for both credentials in the initial logon, similar to what CIsco AnyConnect does. I'll put it in as an enhancement request.
09-25-2015 02:03 PM
used duosecurity as MFA solution. its a bit of a hack to work with palo, with poor instructions and has limitations but once it works it does work smoothly.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!