Deploying this for a customer with SAML authentication. Will update how it goes. BTW this video answered a lot of questions. Keep the Palo Alto stuff coming! :)
Your videos are awesome. Straight to the point but goes over everything necessary/required where other videos assume you already have X done. Would you be able to do a video around SAML and MFA? Ex: Google + Duo or 0Auth?
Just wanted to let you know you can do DUO sign-in and MFA without having to go through Google, sort of. You'd have to configure your SAML on DUO if you already synchronize Azure AD/Google IDs to DUO. For SSO related things on DUO, you'd need to have a PKI in your environment to be able to utilize this. If you don't have this, I'm not sure with Google, but with Azure AD, you can configure Conditional Access that requires MFA (MS Authenticator or DUO) after signing in. You would configure the SAML on Azure AD and import it in to your PAN FWs. If you have anything radius related, you can also configure Radius to have DUO MFA as well.
Hi Matt, Really enjoy these videos. Thank you for putting them up! I am on my journey with PAs and FGTs, so these config tutorials are expanding my knowledge. A quick question, have you managed to configure RADIUS with GP, or RADIUS auth for admin with WIN2016 Server? I am having quite the tough time as you do when labbing. Cheers!
Hey breakingbisley, Thats good hear! I have a while back. One of my customers was using LDAP authentication but had requirement for users to have the ability to change there domain user account passwords over GlobalProtect. We ended up moving over to RADIUS using Microsoft NPM. Check out out this video ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-1J9ZfwckUbE.html there is a part that discusses/demos RADIUS authentication using NPM and VSAs. I'll add this to my list of videos to create. Hope this helps in the meantime.
Hi great video How the GP will work with PKI certificates? How it will work with existing machine certificates on the client machines? We have 12k users and we do not want to create new certificates and just want to using existing machine/user certificates
Hi Matt , great tutorial , but i have a question , how palo knows that SecAdmin1 user is a vaild user ? looks like the portal only check the certificate itself and not user ? meaning where did you tell the firewall the SecAdmin1 is a vaild user ? hope I was clear.
Hi Matt, Enjoyed the videos. I was wondering if you tested this with macOS. I tried and keep getting keychain prompt whenever GlobalProtect tries to connect. Windows work fine.
Can someone point me in the right direction to Disable Certificate prompt during GlobalProtect login for certificate confirmation through Intune. I need to automatically accept the certificate for my users. Thanks
