Radius Group for GP authentication

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Radius Group for GP authentication

L4 Transporter

Hi All,

We need to setup a specific user group in Radius should only access the GP. No other users should access GP. Currently authentication method set for GP is Radius and in the same radius we need a specific group of users only to authenticate.

May i know how i can acheive this please? Do i need to setup something like Data Redistribution server config or anything?

Regards,

Sanjay S

3 REPLIES 3

Cyber Elite
Cyber Elite

@Sanjay_Ramaiah,

In the authentication profile just add the group/user(s) that you want to allow into the allow list, if the user is not in that group they'll be denied. I'd go a step further and ensure that on your GlobalProtect Gateway under Agent -> Client Settings that you again only have the group/user(s) that you intent to allow. This way you need a misconfiguration in both places to actually have unexpected access to GlobalProtect.

 

Thank you @BPry  this is what i thought, but i have this doubt, if I just update the user group how will Palo firewall knows where to fetch the User Group details from? Or in the Radius configured, instead of All users do i need to give User Group info there as well?

Regards,

Sanjay S

L4 Transporter

Any suggestion on the above please? Do i need to configure any Data Redistribution or LDAP server to get that groups checked?

  • 1022 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!