Two-factor PAN webconsole authentication


L0 Member

Hi,


I would like to use two-factor authentication for the administrators when they access the PAN-500 web console.

With an authentication sequence I can use 2 ways to authenticate but I want to force the use of both. Is that possible?

3 REPLIES

L2 Linker

As far as I know, that would only be possible if combining a Certificate Profile with the Authentication Profile.

For proper 2FA, you should have a dedicated RADIUS 2FA server.

And with 'certificate profile' you mean the new function in 7.0, right?

Hello Oasen,

 

I'm currently running PAN-OS 7.1.2 on a PA-200 and recently added Two-factor Authentication for administrator account logins using the Duo Security 2FA system.  Here's a link to the web site that describes how to set up 2FA with the GlobalProtect VPN.  https://duo.com/docs/paloalto

 

If you follow all of the steps from the beginning through "Add an Authentication Profile", you will just need to add the new DuoRADIUS Authentication Profile to the administrator accounts that you would like to have authenticated via Two-factor Authentication.

 

It works GREAT!

 

Kind regards,

Jeff 
