Using the PAN as a reverse proxy to protect web servers

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Using the PAN as a reverse proxy to protect web servers

Cyber Elite
Cyber Elite

Hello All,

So I have a scenario I'd like to see what others have done. Keep in mind we already do IP whitlisting and have all our defenses up, i.e. Zone protection, Anti-virus, anti-spyware, vul protection, etc. 



External users connecting to one of our web servers using multi factor auth. They have pin+otp plus an internal AD account they must authenticate with. Since they are a customer, they are not on our network and need to change their passwords per our domain policy. 


I was looking at the form based auth and was wondering if anyone out there is using this and if they ran into any issues? Do the uses mind? Does it prompt them to change their passwords when they are expired? Does it allow them to setup their PIN for their OTP for first use? I know Global protect has this functionality, however we dont want them to have to VPN into us.


All thoughts are welcome!



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!