From the OS drop-down list, select Any.The Client Authentication window appears. In the Client Authentication section, click Add.In our example, we select the AuthPoint SSL Profile. From the SSL/TSL Service Profile drop-down list, select the SSL Service Profile that you created.From the IPv4 Address drop-down list, select the IP address of the interface that is connected to the Internet.From the IP Address Type drop-down list, select IPv4 Only.From the Interface drop-down list, select the interface that is connected to the Internet.The GlobalProtect Portal Configuration window appears. From the navigation menu, select GlobalProtect > Portals.In the Lockout Time(min) text box, type 0.In the Failed Attempts text box, type 0.In the User Domain text box, type a user domain.In our example, we select the AuthPoint Gateway profile From the Server Profile drop-down list, select the RADIUS service profile created before.From the Type drop-down list select RADIUS.In our example, we name the profile RADIUSAuthPro. Type a name for the authentication profile.The Authentication Profile window appears. From the navigation menu, select Authentication Profile.Leave the default value for other settings. From the Security Zone drop-down list, select trust.
From the Virtual Router drop-down list, select default.From the navigation menu, select Interfaces > Tunnel.From the Source Address drop-down list, select the IP address of this interface.From the Source Interface drop-down list, select the interface which connected to AuthPoint Gateway.From the list, select the RADIUS check box.From the navigation menu, select Setup.You must use this same secret key when you configure a RADIUS client resource in AuthPoint. This key is used to communicate with the RADIUS server (AuthPoint Gateway). In the Secret text box, type a shared secret key.In the RADIUS Server text box, type IP address of the server where the AuthPoint Gateway is installed.In our example, we name the RADIUS server AuthPointGW. To add a RADIUS server, in the Servers section, click Add.From the Authentication Protocol drop-down list, select PAP.In our example, we name this profile AuthPointGateway. In the Profile Name text box, type a name.The RADIUS Server Profile window appears. From the navigation menu, select Service Profiles > RADIUS.From the Max Version drop-down list, select Max.From the Min Version drop-down list, select TLSV1.0.In our example, this is the Server-cert certificate. From the Certificate drop-down list, select the second certificate that you created.In our example, we name the profile AuthPoint SSL Profile. The SSL/TLS Service Profile window appears. From the navigation menu, select Certificate Management > SSL/TSL Service Profile.Export the two certificates that are created.In our example, we select the Root-cert certificate that we created. From the Signed By drop-down list, select the certificate you created.In the Common Name text box, type external interface IP address of the Firebox.In our example, we name this certificate Server-cert. In the Certificate Name text box, type a name.Click Generate to create another certificate.In the Certificate Attributes section, click Add and add Country and Organization certificate attribute values.Select the Certificate Authority check box.In the Common Name text box, type a name.In our example, we name this certificate Root-cert. From the navigation menu, select Certificate Management > Certificates.For more information, see About Gateways.
Globalprotect mfa install#
We recommend that you install the AuthPoint Gateway.
Globalprotect mfa Pc#
You have installed the Palo Alto GlobalProtect in your client PC.You have finished the initialization configure of Palo Alto PA-220.This diagram shows an overview of the configuration required for RADIUS authentication.īefore you begin these procedures, make sure that: Palo Alto Configuration for RADIUS AuthenticationĪuthPoint communicates with various cloud-based services and service providers with the RADIUS protocol.
Globalprotect mfa software#
The hardware and software used in this guide include: