Hello,

I have a question regarding the possibility of a 2-phase VPN connection. Please see below for a description of the scenario.

User A logs in to GlobalProtect when logging on to their PC. I have this part completed using User logon (Always on). This logon allows basic VPN connectivity to make sure their machine is patched/AV updated, etc.

I am now looking for a way to escalate the network privileges to allow full access to the rest of the network. What I am not sure of is how to get some type of extra layer of authentication where the user will now log in using 2FA, such as a token, to gain this access. What does GlobalProtect offer to perform this next level of authentication? I am thinking of a web page redirect so that when the user opens a web browser, they are taken to a splash page to input their username/token.

So let's say their initial connection has an ACL like: VPN network permit to networks A, B and C. They are denied access to all other networks (this is a full tunnel, so that would include internet). After they hit the redirect and are authenticated using their token, they now have an allow any any ACL (for example).

I am looking to perform this without any HIP checks (if possible).

Thanks in advance for your help!