Mar 18 2022 02:00 AM
Hi team
My situation is as follows:
I'm setting up MFA on a Palo Alto GlobalProtect VPN device and I'm attempting to use RADIUS and the NPS extension for Azure MFA.
I appear to have got this all working 100%, except for some timing issues and the client package not being 100% correctly configured.
My customer's complaint is that they are required to enter the password and do the Azure MFA every time they connect to the VPN and they find this inconvenient.
Is there any configuration or setup option I can use that would only require the MFA approval every 24 hours, say? I know this is a long way from best security practice, but it's a jarring experience for the customer's users because the current VPN connection method is just a credential login to the Palo Alto device.
I'm also aware that the best practice on this would actually be to configure the PA device to use SAML for authentication but that is outside of the design presented to the customer :(
Anyone got any ideas or suggestions? I suspect it's some in-depth RADIUS stuff but I'm not sure...