Azure Cloud MFA for on-premises Firewall

Occasional Contributor

Hi,

I have to enable Azure cloud MFA for my on-premises firewalls. (FortiGate / palo alto Global protect

 

Can i get any document or step by step guide for this.

1 Reply

It's not something I have done but in my previous job some colleagues integrated Azure MFA with a Cisco VPN and also an RDS Gateway using the NPS extension using radius:

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension

 

"The Network Policy Server (NPS) extension for Azure MFA adds cloud-based MFA capabilities to your authentication infrastructure using your existing servers."

 

It's an involved configuration but I see Palo Alto support any MFA platform that can use radius, so it could be worth investigating:

 

https://docs.paloaltonetworks.com/compatibility-matrix/mfa-vendor-support/mfa-vendor-support-table.h...

 

There used to be an Azure MFA Server you could install to integrate on-premise systems but that isn't supported for new installations.