Two-factor PAN webconsole authentication

L0 Member

Hi,


I would like to use two-factor authentication for the administrators when they access the PAN-500 web console.

With an authentication sequence I can use 2 ways to authenticate but I want to force the use of both. Is that possible?

L2 Linker

As far as I know, that would only be possible if combining a Certificate Profile with the Authentication Profile.

For proper 2FA, you should have a dedicated RADIUS 2FA server.

L0 Member

And by 'certificate profile' you mean the new function in 7.0, right?

L4 Transporter

Hello Oasen,

I'm currently running PAN-OS 7.1.2 on a PA-200 and recently added Two-factor Authentication for administrator account logins using the Duo Security 2FA system. Here's a link to the web site that describes how to set up 2FA with the GlobalProtect VPN: https://duo.com/docs/paloalto

If you follow all of the steps from the beginning through "Add an Authentication Profile", you will just need to add the new DuoRADIUS Authentication Profile to the administrator accounts that you would like to have authenticated via Two-factor Authentication.

It works GREAT!

Kind regards,

Jeff 
