Two Phase VPN

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L0 Member

Two Phase VPN

Hello,

 

I have a question regarding the possibility of a 2 phase VPN connection. Please see below for a description of the scenario.

 

User A logs in to global protecting when logging on to their PC. I have this part completed using User logon (Always on). This log on allows basic VPN connectivity to make sure their machine is patched/AV updated, etc. I am now looking for a way to escalate the network privileges to allow full access to the rest of the network. What I am not sure is, on how to get some type of extra layer of authentication to where the user will now log in using 2FA, such as a token to gain this access. What does Global protect offer to perform this next level of authentication? I am thinking of a web page redirect that when the user opens a web browser, they are taken to a splash page to input their username/token.

 

So lets say their initial connection has an ACL like, VPN network permit to networks A,B and C. They are denied access to all other networks (This is a full tunnel so that would include internet). After they hit the redirect and are authenticated using their Token, they now have a allow any any ACL (for example). I am looking to perform this with out any HIP checks (if possible).

 

Thanks in advance for your help!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!