GlobalProtect FIDO2 Support and Browser Issues

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GlobalProtect FIDO2 Support and Browser Issues

L1 Bithead

Hello everyone,

Could you tell me about the following?

 

1. Is FIDO2 authentication supported by Global Protect?

*According to the following website, it appears to be supported.

https://docs.paloaltonetworks.com/whats-new/new-features/june-2024/gp-webview2-63

 

2. If FIDO2 authentication by Global Protect is supported, what versions of the Global Protect client and PAN-OS support FIDO2 authentication?

 

3. According to the article below, it seems that there is a problem with FIDO2 authentication only in the built-in browser, but will it work normally in other browsers regardless of version?

https://live.paloaltonetworks.com/t5/globalprotect-discussions/fido2-support-for-globalprotect-clien...

 

1 accepted solution

Accepted Solutions

Hello Tsushima-san

 

1. This is correct

2. This is also correct

3. Also correct. Most system browsers support FIDO2 with no extra effort. the GlobalProtect embedded browser did not support FIDO2 until recently

4. the PAN-OS version does not matter, FIDO2 happens at the client side. For the firewall this is 'normal' SAML authentication

 

 

Best regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

1. yes but id' probably recommend going with GlobalProtect 6.3

2. 6.2 appears to work as seen in the forum post you linked in 3. . I would aim or GP 6.3 as that has documented support

3. for FIDO2 the usual recommendation is to use the system browser which will always* support FIDO2

 

 

*unless your system browser's security has been set so thight it is unable to interface with the smartkey/smartcard/...

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L1 Bithead

Hello Reaper-san,

 

My understanding is as follows. Could you please point out any errors?

 

1. FIDO2 authentication via Global Protect is supported.

 

2. The version of the Global Protect client that supports FIDO2 authentication is 6.3.

 

3. No issues with FIDO2 authentication have been reported with browsers other than the built-in browser.

It is recommended to use a browser that supports FIDO2.

 

Just to confirm, what version of PAN-OS supports FIDO2 authentication via Global Protect?

 

Regards,

Yusuke Tsushima

Hello Tsushima-san

 

1. This is correct

2. This is also correct

3. Also correct. Most system browsers support FIDO2 with no extra effort. the GlobalProtect embedded browser did not support FIDO2 until recently

4. the PAN-OS version does not matter, FIDO2 happens at the client side. For the firewall this is 'normal' SAML authentication

 

 

Best regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hello Tom-san,

 

Thank you.

1.~3. I understand that my understanding is correct.

4. I understand that FIDO2 authentication is available regardless of the PAN-OS version.

 

Regards,

Yusuke Tsushima

  • 1 accepted solution
  • 312 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!