How to Configure Palo Alto Global Protect VPN to support RSA AM to be LDAP + Passcode
5 months ago
Article Number
000068047
Applies To
Palo Alto Firewall
Issue
Customer wants to use the RSA AM using RADIUS for VPN to be LDAP + Passcode for Global Protect VPN
Resolution
1- Login to Palo Alto Firewall GUI > Network > GlobalProtect > Portals > Authentication , Choose your LDAP Profile as configured from Customer side
image.png
2- Next go to Agent , and make sure the configured agent for "Save User Credentials" is set to No or Save Username Only. Make sure the Authentication override is disabled to force LDAP everytime.
image.png
3- Next Go to Network > GlobalProtect > Gateways > Authentication, and choose your RSA AM RADIUS profile for your authentication to prompt for passcode

image.png

4- You can choose if you want to perform authentication override for the RSA Passcode section which overrides the authentication if needed, it is according to the customer implementation
Go to Network > GlobalProtect > Gateways > Agent > Client Settings , choose your configured client setting > Authentication Override

image.png
Don't see what you're looking for?