02-19-2025 08:06 AM - edited 02-19-2025 08:18 AM
I have a task to use 2 authentication methods - local and SAML - on a single GP Portal and Gateway. First check local users, and if the username is not found, then check SAML users. As far as I know, authentication sequence isn't supported for SAML. Separating users by OS type isn't a way for us because different users (SAML and local) can use the same OS type. Are there any ways to do this task on a single firewall?
Thanks.
02-19-2025 02:22 PM
Hi @Dmytro-Ostapenko ,
The only way I have seen this done is creating a second portal/gw. You'd have one set w/ local auth and the other with SAML. What are the requirements behind the 2 separate auths? One for admins and another for regular users?
02-20-2025 08:09 AM
Yes, one auth SAML Entra + 2FA for admins and local auth for other users and services. Do we need a second ISP link and public IP address in a separate virtual router for a second portal/gw, or is there another way to deploy it?
02-20-2025 08:19 AM
You don't need a second ISP link if your current connection has more than 1 public IP.
Assuming that you have a /28 subnet and the IP configured on the WAN interface is 5.5.5.1/28, then add a second IP 5.5.5.2/32 on the same interface, and then you can use 5.5.5.2/32 for the second GlobalProtect Portal/Gateway.