Hello,
at the moment i'm authenticating users via the local database on palo alto firewall for vpn gp users; what 'id like to do is trying to authenticate vpn users via Cisco Ise.
I've configured local users on Ise and what i want to do is that when a user tries to login, ise checks if the user is present in the local group, and if present it sends a radius-accept packet back to the Palo alto firewall.
On ise side everything it's working but i'm receiving the "Matching client config not found" in the global protect:
this is the log from gp monitor:
and this is the actual rule:
what i can't understand is how to get the correct client config, because this setting is configured on the gateway tab but it's referred to only gp local database users.......
Did you face this issue? Do you know how to fix?
Furthermore how should the policy be configured? I can't use any filter in source ip/user because i don't know how to retrieve this data.
thank you
Regards
