10-12-2020 08:14 AM
Hello,
I have a question regarding the possibility of a 2 phase VPN connection. Please see below for a description of the scenario.
User A logs in to global protecting when logging on to their PC. I have this part completed using User logon (Always on). This log on allows basic VPN connectivity to make sure their machine is patched/AV updated, etc. I am now looking for a way to escalate the network privileges to allow full access to the rest of the network. What I am not sure is, on how to get some type of extra layer of authentication to where the user will now log in using 2FA, such as a token to gain this access. What does Global protect offer to perform this next level of authentication? I am thinking of a web page redirect that when the user opens a web browser, they are taken to a splash page to input their username/token.
So lets say their initial connection has an ACL like, VPN network permit to networks A,B and C. They are denied access to all other networks (This is a full tunnel so that would include internet). After they hit the redirect and are authenticated using their Token, they now have a allow any any ACL (for example). I am looking to perform this with out any HIP checks (if possible).
Thanks in advance for your help!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
