Hello everyone!
If you don't remember, we used to blog about different discussions that would come up on the LIVEcommunity discussion areas that we felt needed to be talked about in a weekly blog, aka Discussion of the Week (DOTW).
This week's topic is going to be talking about Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA) for GlobalProtect (GP) and PAN-OS.
To start with, the main difference between MFA and 2FA is simple. Two-factor authentication always utilizes two of these factors to verify the user's identity. Multi-factor authentication could involve two of the factors or it could involve all three. “Multi-factor” just means any number of factors greater than one.
I am grouping these together in order to help clear up confusion as well as to help provide information and links on the configuration articles that we have on TechDocs.
There were actually 2 different threads that were talking about these subjects:
https://live.paloaltonetworks.com/t5/general-topics/globalprotect-2fa/td-p/236374
Both of these threads are talking about ways to use MFA or 2FA with GlobalProtect.
Now, these are topics that are covered in-depth inside the Administrator Guides that are located on Palo Alto Networks TechDocs site (https://docs.paloaltonetworks.com/), but I will try to talk a little about it here.
Configuring MFA and 2FA can be tricky at times, as there are many moving components to get this to work properly.
One thing to look at is the order of authentication profiles in: GlobalProtect Gateway Configuration/Authentication.
The other is to ensure that the shared secret is set properly.
There are other things that can complicate things inside of the configurations, but it is always recommended that you start with the Admin Guides, and then if needed, reach out to others here on the LIVEcommunity Discussion Areas (General Topics or GlobalProtect Discussions) for help.
More Info
For all of the information on configuring Authentication, please see these Admin Guides from the TechDocs area:
Note: Please remember that there are different guides depending on what version you select.. so check the versions on the left hand side of the window. You even have options to download the PDF file!
For setting up GP 2FA, please see: Set Up Two-Factor Authentication, There are sections there for using Certificate and Auth profiles, One Time Passwords (OTP), Smart Cards, and even Software Tokens.
For setting up MFA and PAN-OS, please see: Configure Multi-Factor Authentication, there are sections there for RSA SecurID, Okta, and even Duo.
For MFA support, please see the MFA Vendor Support page
Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumbs up) button, don't forget to subscribe to the LIVEcommunity Blog area.
As always, we welcome all comments and feedback in the comments section below.
Stay Secure,
Joe Delio
End of line
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
| Subject | Likes |
|---|---|
| 8 Likes | |
| 3 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes |
