Hardware reference guide

GlobalProtect Administrator’s Guide
Set Up GlobalProtect User Authentication | Set Up the GlobalProtect Infrastructure

Step 2  On the firewall that will act as your gateway and/or portal, create a RADIUS server profile.

Best Practice: When creating the RADIUS server profile, always enter a Domain name, because this value will be used as the default domain for User-ID mapping if users don't supply one upon login.

1. Select Device > Server Profiles > RADIUS, click Add, and enter a Name for the profile.
2. Enter the RADIUS Domain name.
3. To add a RADIUS server entry, click Add in the Servers section and then enter the following information:
   - A descriptive name to identify this RADIUS Server
   - The IP Address of the RADIUS Server
   - The shared Secret used to encrypt sessions between the firewall and the RADIUS server
   - The Port number on which the RADIUS server will listen for authentication requests (default 1812)
4. Click OK to save the profile.

Step 3  Create an authentication profile.

1. Select Device > Authentication Profile, click Add, and enter a Name for the profile. The authentication profile name cannot contain any spaces.
2. Select RADIUS from the Authentication drop-down.
3. Select the Server Profile you created for accessing your RADIUS server.
4. Click OK to save the authentication profile.

Step 4  Assign the authentication profile to the GlobalProtect gateway(s) and/or portal.

This section only describes how to add the authentication profile to the gateway or portal configuration. For details on setting up these components, see Configure GlobalProtect Gateways and Configure the GlobalProtect Portal.

1. Select Network > GlobalProtect > Gateways or Portals and select the configuration (or Add one).
2. On the General tab (on the gateway) or the Portal Configuration tab (on the portal), select the Authentication Profile you just created.
3. Enter an Authentication Message to guide users as to which authentication credentials to use.
4. Click OK to save the configuration.

Step 5  (Optional) Modify the default authentication behavior on the portal.

This section only describes how to modify the portal authentication behavior. For more details, see Define the GlobalProtect Client Configurations.

1. Select Network > GlobalProtect > Gateways or Portals and select the configuration (or Add one).
2. Select the Client Configuration tab and then select or Add a client configuration.
3. On the General tab, select one of the following values from the Authentication Modifier field:
   - Cookie authentication for config refresh: Enables the portal to use an encrypted cookie to authenticate users so they don't have to enter multiple OTPs or credentials.
   - Different password for external gateway: Prevents the agent from forwarding the user credentials it used for portal authentication on to the gateway to prevent OTP authentication failures.
4. Click OK twice to save the configuration.

Enable OTP Support (Continued)