I was trying to add Peap-MSchapV2 for our Radius Authentication for Management Interface.
I configured Radius Server Profile with PAP with Windows NPS, seems everything is working fine. And then I generate a new Certificate Signing request and signed by Organisations CA server, and downloaded the intermediate certificate etc and uploaded to PA and Testing Domain Windows 10 Machine. Once I switched to Peap-MsChapV2, the whole management interface is down for the error 400 SSL bad request. had to log in to CLI and delete the management profile and put it back.
Wondering if anyone successfully configured management interface with authentication Radius "Peap MsChapv2"? We just want to have some Domain Admin Users to be able to log into PA to manage etc. Or we have to use Tacacs+ for this feature?
Might have been the certificate profile since the certificate was changed? Also I would not recommend using a domain admin account to log onto the Palo Alto. Create new credentials that only log onto the firewall. I know its a pain to have multiple accounts, however its best practice so separate accounts and functions.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!