8.6 Configuring Integration with Palo Alto GlobalProtect Gateway

This section provides the configuration information on integrating Advanced Authentication with Palo Alto GlobalProtect Gateway. This integration secures the Palo Alto GlobalProtect Gateway connection.

NOTE:This configuration has been tested with PAN-OS 6.1.5 to 7.1.x and GlobalProtect 2.1x.

To configure the Advanced Authentication integration with Palo Alto GlobalProtect Gateway, perform the following configuration tasks:

8.6.1 Adding the RADIUS Server

  1. Log in to the Palo Alto administrative interface.

  2. Click Device > Server Profiles > RADIUS.

  3. Click Add to add a new RADIUS server profile.

  4. Specify NetIQ RADIUS in Name.

  5. Specify 30 in Timeout.

  6. In the Servers section, click Add to add a RADIUS server and specify the following information:

    • Profile Name

    • Set Timeout and Retries in Server Settings

    • Details in the Servers section

  7. Click Add and configure a connection to the RADIUS server built-in to the Advanced Authentication server.

  8. Click OK.

8.6.2 Adding an Authentication Profile

  1. Click Device > Authentication Profile.

  2. Click New to add a new authentication profile.

  3. Specify the Authentication Profile details such as the server type and user domain.

8.6.3 Configuring GlobalProtect Gateway

  1. Click Network > GlobalProtect > Gateways.

  2. Click on your configured GlobalProtect Gateway to open the properties window.

  3. In the Authentication section of the GlobalProtect Gateway General properties tab, select the NetIQ authentication profile created in Add an Authentication Profile from the list.

  4. Click OK to save the GlobalProtect Gateway settings.