This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About fpascal4
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About fpascal4
05-23-2022
3Posts
0Likes
0Solutions
May 23, 2022Last Visited
User
Activity
User
Profile
Latest posts by fpascal4
| Subject | Views | Posted |
|---|---|---|
| 1669 | 05-18-2022 02:06 PM | |
| 1689 | 05-18-2022 12:51 PM | |
| 1217 | 05-11-2022 09:42 AM |
User Badges
Community Statistics
| Member Since | 05-11-2022 09:27 AM |
| Date Last Visited | 05-23-2022 02:31 PM |
| Posts | 3 |
05-18-2022
02:06 PM
I think I found the solution. If someone can confirm it's the right solution, I would appreciate it. The Group Policies under Local Computer Policy -> Computer Configuration -> Administrative Templates -> RSA Desktop -> Confidential Provider Filter Settings include a setting called Exclude all third-party Credential Providers. Normally this is disabled, enabling the setting now will allow Windows Hello to prompt for the MFA challenge. Oddly, it seems to only apply to the Windows Hello prompt and not when unlocking a session. The MFA challenge is still not presented when unlocking a session.
... View more
05-18-2022
12:51 PM
We are trying to implement RSA SecurID MFA across our infrastructure, specifically to lock down VPN, cross zone traffic, and essential network assets. On the Window servers and some of the more sensitive mobile devices (Windows laptops) we are installing the RSA SecurID Windows MFA Agent. The RSA MFA works fine if GlobalProtect is not installed on my test laptop. If GlobalProtect is installed the MFA challenge fails to be presented on login or unlocking a session. When I look at the login options on the Windows Hello prompt for logging in, GlobalProtect is presented first, then RSA Windows MFA Agent. MFA does work when bringing up the VPN or hitting the VPN portal with the browser. I don't believe it is a DNS or routing issue, the problem still presents itself when the laptop is on the physical network and VPN is not being used. It might simply be a sequencing issue with GP getting in the way some how. Any ideas on solutions, causes, or settings I need to change? Googling and searching the knowledge bases here and at RSA have yielded nothing. -Freeman Pascal, Rhinocorps, Ltd CO.
... View more
05-11-2022
09:42 AM
We have standardized on RSA SecurID for MFA for GlobalProtect VPN MFA, and locking down our internal network assets. I was asked if it is possible to use RSA SecurID MFA for secondary verification for admin accounts logging into our PA-820. I believe it is, but want to confirm. Is anyone doing this on their firewalls? I tried setting the Authentication Profile for my own admin account on the firewall to the same profile used by our VPN. This is a SASL profile that authenticates against our RSA Cloud Authentication Service. It works fine for VPN, but I get "unknown user or password", specified as my authentication profile. -Freeman
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-23-2022
02:31 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks