Multi Factor Authentication Radius Server Must be Restarted in order for MFA to Function Properly


L2 Linker

I am currently testing Multifactor Authentication using a Radius Server.

1. I have a test group of users who have been configured on my Radius Server.

2. The MFA Radius server is always reachable via ping/ICMP at all times.

3. MFA via the Radius Server works as normal for a time period ranging from 24-72 hours (i.e., users log in using the GlobalProtect client and after entering their Active Directory credentials, they then receive a code via text. Once they enter the code, they are allowed access to the network).

4. After 24-72 hours, users in my test group no longer receive an authentication code via text after logging in to the GlobalProtect client. After they enter their AD credentials, they are allowed access to the network.

5. In order to get MFA functioning properly again, I have to reboot the MFA Server.

Has anyone experienced and resolved this issue?


Cyber Elite

@Victor.Newsom,

If you are having to reboot your MFA Server it would appear as though it's more of an issue with that server and not really the firewall at all. 

Thanks for the response...I am just trying to rule out all possibilities.

Hello,

If a test user is dropped after the lifetime and cannot log back in, can other test users still authenticate, i.e. ones that have not been timed out?

 

Just thinking out loud.

Thanks for the response. See my comments below

 

When MFA stops working, it stops working for all users in the test group. The login scenario sometimes is as follows:

Test Users login on day 1: MFA functions properly (users enter their AD credentials, receive code via text, enter code, access to network granted)

Test Users login on day 2: MFA does not function properly (user enters their AD credentials, no code is received but access to network is granted)

Yes I do, and thanks for your response. It is appearing that this issue may be related to the PAN-OS version that I am running.
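A defender-side check for the failure described in this thread, added here as an example and not posted by any participant: it flags RADIUS Access-Accept replies that were not preceded by an Access-Challenge for the same user, which is how a silently skipped second factor would appear in RADIUS accounting of the exchange. It assumes the MFA server delivers the text code through RADIUS challenge-response; the event tuples, function names and the 300-second window are constructed for illustration.

```python
# RADIUS packet type codes from RFC 2865.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11

# Constructed sample events: (epoch seconds, username, RADIUS code).
SAMPLE_EVENTS = [
    (1000, "alice", ACCESS_REQUEST),
    (1001, "alice", ACCESS_CHALLENGE),   # day 1: code sent by text
    (1030, "alice", ACCESS_REQUEST),
    (1031, "alice", ACCESS_ACCEPT),      # accepted after the challenge
    (90000, "alice", ACCESS_REQUEST),
    (90001, "alice", ACCESS_ACCEPT),     # day 2: accepted, no challenge
    (90010, "bob", ACCESS_REQUEST),
    (90011, "bob", ACCESS_ACCEPT),       # accepted, no challenge
    (90020, "carol", ACCESS_REQUEST),
    (90021, "carol", ACCESS_REJECT),
]


def find_single_factor_accepts(events, window=300):
    """Return (timestamp, user) for every Access-Accept that had no
    Access-Challenge for the same user in the preceding `window` seconds."""
    last_challenge = {}
    flagged = []
    for ts, user, code in sorted(events):
        if code == ACCESS_CHALLENGE:
            last_challenge[user] = ts
        elif code == ACCESS_ACCEPT:
            # A challenge is consumed by the accept that follows it.
            challenged_at = last_challenge.pop(user, None)
            if challenged_at is None or ts - challenged_at > window:
                flagged.append((ts, user))
        elif code == ACCESS_REJECT:
            last_challenge.pop(user, None)
    return flagged


def bypass_is_systemic(flagged, mfa_users):
    """True when every user in the MFA group has at least one flagged
    accept, matching the thread's report that it fails for the whole
    test group at once."""
    return bool(mfa_users) and set(mfa_users) <= {u for _, u in flagged}


if __name__ == "__main__":
    hits = find_single_factor_accepts(SAMPLE_EVENTS)
    print(hits, bypass_is_systemic(hits, ["alice", "bob"]))
```

Run on a schedule against the MFA group, a non-empty result gives an alert at the first single-factor login instead of relying on a user noticing the missing text.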
