Multi-Factor Authentication for GlobalProtect

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Multi-Factor Authentication for GlobalProtect

Cyber Elite
Cyber Elite

Hello All,

I know the documetnation states to use a certificate as one form of authentication or hte mult-factor. However has anyone out there setup different authentication profiles for their portal and gateway configs? I'm wondering if setting up say radius otp for one and ldap/AD for the other.

 

Thoughts?

1 accepted solution

Accepted Solutions

I have tested the following and it worked perfect:

 

Portal authentication:

 

LDAP and client certificate

 

Gateway authentication:

 

RADIUS and client certificate

 

However I have not tested RADIUS with OTP but it should work. 

 

Please try and update us

 

Rate the helpful answer.

View solution in original post

5 REPLIES 5

L5 Sessionator

Are you trying so say that One authentication profile will be Certificate but the other one will be RADIUS or LDAP?

Sorry for not clarifying, but no. One method would be radius and the other would be ldap/AD.

I have tested the following and it worked perfect:

 

Portal authentication:

 

LDAP and client certificate

 

Gateway authentication:

 

RADIUS and client certificate

 

However I have not tested RADIUS with OTP but it should work. 

 

Please try and update us

 

Rate the helpful answer.

Thanks for the verification! I also just did this and its working as designed :). It would be nice if PAN would ask for both credentials in the initial logon, similar to what CIsco AnyConnect does. I'll put it in as an enhancement request.

used duosecurity as MFA solution. its a bit of a hack to work with palo, with poor instructions and has limitations but once it works it does work smoothly.

  • 1 accepted solution
  • 3750 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!