GlobalProtect Administrator’s Guide
GlobalProtect Quick Configs
Remote Access VPN with Two-Factor Authentication
When you configure a GlobalProtect portal and/or gateway with both an authentication profile and a certificate
profile (called two-factor authentication), the end user must authenticate successfully against both before
being allowed access. For portal authentication, this means that certificates must be pre-deployed to the end
clients before their initial portal connection. Additionally, the certificates presented by the clients must match
what is defined in the certificate profile.
If the certificate profile does not specify a username field (that is, the Username Field is set to None), the
client certificate does not need to have a username. In this case, the client must provide the username when
authenticating against the authentication profile.
If the certificate profile specifies a username field, the certificate that the client presents must contain a
username in the corresponding field. For example, if the certificate profile specifies that the username field
is subject, the certificate presented by the client must contain a value in the common-name field or
authentication will fail. In addition, when the username field is required, the value from the username field
of the certificate will automatically be populated as the username when the user attempts to enter credentials
for authenticating to the authentication profile. If you do not want to force users to authenticate with a
username from the certificate, do not specify a username field in the certificate profile.
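A pre-deployment check for the two Username Field cases described above, as an added example that is not part of the guide or any Palo Alto Networks tooling: it uses the openssl CLI to confirm that each client certificate carries a common-name before it is pushed to endpoints. The function names, sample subjects and file names are assumptions, and the sample certificates are constructed throwaways.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): audit client certificates before
# deploying them against a certificate profile's Username Field setting.

# Print the subject common-name of a PEM certificate (empty if absent).
cert_common_name() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# check_cert <pem> <none|subject>   (the two settings the guide describes)
# Returns 0 = acceptable, 1 = would fail authentication, 2 = bad input.
check_cert() {
    local pem="$1" field="$2" cn
    if ! openssl x509 -in "$pem" -noout 2>/dev/null; then
        echo "UNREADABLE $pem"; return 2
    fi
    case "$field" in
        none)
            echo "OK   $pem (user supplies the username at login)"; return 0 ;;
        subject)
            cn=$(cert_common_name "$pem")
            if [ -n "$cn" ]; then
                echo "OK   $pem (username pre-populated as '$cn')"; return 0
            fi
            echo "FAIL $pem (no common-name in subject)"; return 1 ;;
        *)
            echo "unknown username field: $field" >&2; return 2 ;;
    esac
}

# Constructed sample input: throwaway self-signed cert with a given subject.
make_sample_cert() {   # make_sample_cert <out.pem> <subject>
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -subj "$2" -days 1 2>/dev/null
}

demo() {
    local dir c
    dir=$(mktemp -d)
    make_sample_cert "$dir/jdoe.pem" "/O=Example Corp/CN=jdoe"
    make_sample_cert "$dir/nocn.pem" "/O=Example Corp"
    for c in "$dir"/*.pem; do check_cert "$c" subject || true; done
    rm -rf "$dir"
}
demo
```

Run the check against the certificates staged for distribution; any FAIL line identifies a certificate that would be rejected when the profile's username field is subject.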
This quick configuration uses the same topology as Figure: GlobalProtect VPN for Remote Access. However,
in this configuration the clients must authenticate against a certificate profile and an authentication profile. For
more details on a specific type of two-factor authentication, see the following topics:
Enable Two-Factor Authentication
Enable Two-Factor Authentication Using One-Time Passwords (OTPs)
Enable Two-Factor Authentication Using Smart Cards