How to Configure Palo Alto Global Protect VPN to support RSA AM to be LDAP + Passcode

3 months ago

Article Number

000068047

Applies To

Palo Alto Firewall

Issue

Customer wants to use the RSA AM using RADIUS for VPN to be LDAP + Passcode for Global Protect VPN

Resolution

1- Login to Palo Alto Firewall GUI > Network > GlobalProtect > Portals > Authentication , Choose your LDAP Profile as configured from Customer side

2- Next go to Agent , and make sure the configured agent for "Save User Credentials" is set to No or Save Username Only. Make sure the Authentication override is disabled to force LDAP everytime.

3- Next Go to Network > GlobalProtect > Gateways > Authentication, and choose your RSA AM RADIUS profile for your authentication to prompt for passcode

4- You can choose if you want to perform authentication override for the RSA Passcode section which overrides the authentication if needed, it is according to the customer implementation
Go to Network > GlobalProtect > Gateways > Agent > Client Settings , choose your configured client setting > Authentication Override

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles