GlobalProtect Multiple Auth Failed

L3 Networker

My GP is only using local database authentication.

My goal was for a small group to have access to specific resources and everyone else to have access to much narrower resources.

I created 2 Authentication Profiles:  1 with the limited members and the other with everyone else.  The one with limited members I created a local User Group and used that in the Auth profile.  The other Auth Profile I just added all the other local users directly.

 

What I tried, in both the Portal and the Gateway, was to create 2 Auths under Portal > Agent and under Gateway > Agent > Client Settings.  I set the order so the limited group Auth came first, specifying the local User Group, and then a 2nd Auth with the Users set to any.

 

Per the logs, the Portal authenticated just fine.  The issue was at the Gateway where authentication was failing.

Under Monitor > GlobalProtect the log was showing gateway authentication was failing with "Authentication failed:  invalid username or password".  We did verify that the correct username and password were being used.

 

In an effort to get things working I ended up creating an Authentication Sequence, removed the second Auth from both the Portal and the Gateway, and then it all started working correctly.  It's just not what I wanted.  I had to "fix" it by using Security Policies to limit who had access to what.

 

I checked the documentation and forums and couldn't find anything on my situation.  AFAIK I was setting this up and using it as intended.  Again, Portal auth worked fine but it failed at the Gateway.

 

Can anyone shed some light?

 

Thanks
