This section provides the configuration information on integrating Advanced Authentication with Palo Alto GlobalProtect Gateway. This integration secures the Palo Alto GlobalProtect Gateway connection.
NOTE:This configuration has been tested with PAN-OS 6.1.5 to 7.1.x and GlobalProtect 2.1x.
To configure the Advanced Authentication integration with Palo Alto GlobalProtect Gateway, perform the following configuration tasks:
Log in to the Palo Alto administrative interface.
Click Device > Server Profiles > RADIUS.
Click Add to add a new RADIUS server profile.
Specify NetIQ RADIUS in Name.
Specify 30 in Timeout.
In the Servers section, click Add to add a RADIUS server and specify the following information:
Profile Name
Set Timeout and Retries in Server Settings
Details in the Servers section
Click Add and configure a connection to the RADIUS server built-in to the Advanced Authentication server.
Click OK.
Click Device > Authentication Profile.
Click New to add a new authentication profile.
Specify the Authentication Profile details such as the server type and user domain.
Click Network > GlobalProtect > Gateways.
Click on your configured GlobalProtect Gateway to open the properties window.
In the Authentication section of the GlobalProtect Gateway General properties tab, select the NetIQ authentication profile created in Add an Authentication Profile from the list.
Click OK to save the GlobalProtect Gateway settings.