Radius Group for GP authentication


L4 Transporter

Hi All,

We need to set up a specific user group in RADIUS that should be the only one to access GP. No other users should access GP. Currently the authentication method set for GP is RADIUS, and within the same RADIUS we need only a specific group of users to authenticate.

May I know how I can achieve this, please? Do I need to set up something like a Data Redistribution server config or anything?

Regards,

Sanjay S

3 REPLIES 3

Cyber Elite

@Sanjay_Ramaiah,

In the authentication profile, just add the group/user(s) that you want to allow to the allow list; if the user is not in that group, they'll be denied. I'd go a step further and ensure that on your GlobalProtect Gateway, under Agent -> Client Settings, you again only have the group/user(s) that you intend to allow. This way you need a misconfiguration in both places to actually have unexpected access to GlobalProtect.
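
An added example, not part of the thread and not Palo Alto Networks code: a Python check over an exported firewall configuration that verifies both places named in the answer above (the authentication profile allow list and the gateway client settings) admit only the intended group. The XML element names are assumed to follow a PAN-OS config export, and the profile, gateway and group names and the sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names are assumed to follow a PAN-OS XML config
# export; confirm them against your own export before relying on the result.
SAMPLE = """<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
 <authentication-profile>
  <entry name="gp-radius"><allow-list><member>all</member></allow-list></entry>
  <entry name="mgmt-radius"><allow-list><member>all</member></allow-list></entry>
 </authentication-profile>
 <global-protect><global-protect-gateway><entry name="gp-gw">
  <remote-user-tunnel-configs>
   <entry name="vpn-group"><source-user><member>gp-vpn-users</member></source-user></entry>
   <entry name="catch-all"><source-user><member>any</member></source-user></entry>
  </remote-user-tunnel-configs>
 </entry></global-protect-gateway></global-protect>
</entry></vsys></entry></devices></config>"""


def _review(kind, name, entry, member_path, allowed, findings):
    """Record a finding when the entry admits anyone outside `allowed`."""
    members = {m.text.strip() for m in entry.iterfind(member_path) if m.text}
    extra = sorted(members - allowed)
    if not members:
        findings.append((kind, name, "no members listed"))
    elif extra:
        findings.append((kind, name, "allows: " + ", ".join(extra)))


def audit_gp_allow_lists(xml_text, gp_profiles, allowed):
    """Check both layers: GP authentication profiles and gateway client settings."""
    root = ET.fromstring(xml_text)
    findings = []
    for prof in root.iterfind(".//authentication-profile/entry"):
        if prof.get("name") in gp_profiles:  # skip profiles GP does not use
            _review("auth-profile", prof.get("name"), prof,
                    "allow-list/member", allowed, findings)
    for gw in root.iterfind(".//global-protect-gateway/entry"):
        for cfg in gw.iterfind("remote-user-tunnel-configs/entry"):
            _review("gateway-client-config", f"{gw.get('name')}/{cfg.get('name')}",
                    cfg, "source-user/member", allowed, findings)
    return findings


if __name__ == "__main__":
    for finding in audit_gp_allow_lists(SAMPLE, {"gp-radius"}, {"gp-vpn-users"}):
        print(*finding, sep=": ")
```

An empty result means neither layer admits anyone outside the intended set; any finding is a place where a single misconfiguration would be enough to widen access.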

 

Thank you @BPry, this is what I thought, but I have this doubt: if I just update the user group, how will the Palo firewall know where to fetch the user group details from? Or in the RADIUS configured, instead of All users, do I need to give User Group info there as well?

Regards,

Sanjay S

L4 Transporter

Any suggestion on the above, please? Do I need to configure any Data Redistribution or LDAP server to get those groups checked?
