Global Protect VPN with Two Factor Authentication

Captions
Hi everyone, today we are going to configure GlobalProtect on the Palo Alto firewall, and we will be integrating two-factor authentication. Here, the Palo Alto will have an interface, ethernet1/1, with the IP 119.109, and I will have a PC to connect the VPN on 109.80. This interface ethernet1/1 will be the outside interface. I will have one test subnet, one 129.1/32, and zone inside. In the previous video I have already integrated the AD server, LDAP server, and a privacyIDEA OTP server.

So let's start the configuration. At first we will generate the certificate, GP GlobalProtect certificate. Then for the common name I will assign the IP of my outside interface, 109.109, and signed by a certificate authority. I will add here the IP address 192.168.109.1099, then organization test, test organization, and I will click on Generate. Now the certificate is successfully generated. I will trust the certificate.

Next I will configure the SSL/TLS profile, and from the certificate drop-down I will select the certificate that I have just generated.

Next, I will be creating one zone for GlobalProtect, GP zone, and I will enable user identification. I will select L3 and click OK.

Next step, I'm going to configure one tunnel interface, from l1, but I will assign virtual router default and security zone GP zone, the GlobalProtect zone. Click on OK.

Now I'm going to configure the portal. Before that, I have two authentication profiles already configured: cost profile, LDAP is integrated; RADIUS profile, the privacyIDEA two-factor OTP server is already integrated.

So next I'm going to configure the portal. I will name it GP portal. I will select my outside interface, ethernet1/1, and the IP from the drop-down. In the authentication section, for the SSL/TLS profile I will select the one that I have just created. Now client authentication, authentication profile: for the portal I will be using the auth profile that is LDAP, the LDAP authentication profile for portal authentication. Click on OK.

Go to the Agent section, config. Operating system will be any. External gateway: I will name it gateway, and the IP of the external gateway is 192.16.2119.109, and the source region will be any for now. Click OK. Now, for the trusted root certificate, I will select the certificate that I have generated. Click OK.

Next step, I am going to configure the gateway. I will add the gateway, ethernet1/1, then select the IP. In authentication, I select the SSL/TLS profile that I have created, and client authentication: this time in the authentication profile I am going to select the RADIUS authentication. Click on OK.

Now on the Agent tab I will enable the tunnel. I will select the tunnel interface that I have just created, and I will assign the max user 5 for now. In the client settings, source user will be any, region will be any. Next, on the IP pool, I will assign one pool that the user gets while connecting to GlobalProtect. So for the tunnel: if the user needs to go to 129.1/32, then the traffic should pass through the tunnel, the GlobalProtect tunnel, and except this subnet, all the traffic will pass through the local gateway of the remote PC. Click OK.

Next, when the user is connected they will be in the GP zone. Now I have to create a policy from the GP zone to the inside zone, so: GlobalProtect allow. The user will be in the GP zone, source address any for now. Destination: if the user wants to go to the inside, then destination any, service any, click Allow. Click on OK.

Now commit the configuration. Once the commit is completed, we will try to connect to GlobalProtect and see if it is working as expected or not.

Okay, so the commit is completed. Now let's try the configuration. What we can do is download the client from this IP with the credentials of the LDAP server. So now the required client we can download from here, but I already have the client installed on my machine, the GlobalProtect client, so I will not download it. Next I will add the IP of the portal, that is 192.168.109.1, and the username. See, this is the portal, and for the portal authentication we have added the LDAP authentication profile, so I will put the LDAP credentials and the password for LDAP. I will refresh the connection. Okay, is the device certificate trusted or not? It is trusted. Next we will go to the portal.

Now I will try to connect GlobalProtect from the remote PC that has the IP 119.80. First we can download the client from the portal address, and for the portal we have the LDAP authentication profile, so I will try to log in with the LDAP credentials. Now we can download the required clients, but I have already installed that client, so I will try to connect.

Okay, so now I have the portal address 109.109, and for the portal I have a username, this one, and the password. Now it is the gateway; on the gateway we have the two-factor profile, the RADIUS profile, so for that I need to use the PIN and token. So the PIN is one three flow and the token is three eight six go, from the Google Authenticator app. Now I will try to connect GlobalProtect. Okay, now I'm able to connect.

Now I will try to reach my loopback IP that is in the inside zone, 192 160. and dot one. Okay, so I am able to reach it, but when I disconnect this one, the connection... So this is the configuration. Thanks for watching.
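The gateway login in the captions sends a PIN and a Google Authenticator token to the OTP server behind the RADIUS profile. The sketch below is an added example, not code from the video or from privacyIDEA: it assumes the PIN is prepended to a 6-digit RFC 6238 TOTP in a single password field, and the secret and PIN are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per TOTP time step (RFC 6238 default)
DIGITS = 6     # token length shown by Google Authenticator

# Constructed sample values (the secret is the RFC 4226/6238 test key).
SECRET = b"12345678901234567890"
PIN = "4711"


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_pin_and_token(password, pin, secret, unix_time,
                         window=1, used_steps=None):
    """Check a 'PIN + token' password the way an OTP server behind RADIUS might.

    window     -- accepted clock drift, in time steps either side of now
    used_steps -- set of time steps already consumed, so a token seen once
                  (for example at the portal prompt) cannot be replayed
    """
    used_steps = set() if used_steps is None else used_steps
    if len(password) != len(pin) + DIGITS:
        return False
    given_pin, given_token = password[:len(pin)], password[len(pin):]
    pin_ok = hmac.compare_digest(given_pin.encode(), pin.encode())
    now_step = unix_time // STEP
    matched = None
    for step in range(now_step - window, now_step + window + 1):
        expected = totp(secret, step * STEP)
        if hmac.compare_digest(given_token.encode(), expected.encode()):
            matched = step
    # Reject on wrong PIN, wrong or expired token, or a replayed time step.
    if not pin_ok or matched is None or matched in used_steps:
        return False
    used_steps.add(matched)
    return True
```

Keeping `window` small and recording consumed time steps are the two settings that decide how long a captured PIN-plus-token string remains usable against the gateway.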
Info
Channel: Network & Security With Aayush
Views: 1,176
Id: FWXQXELRQqI
Length: 13min 8sec (788 seconds)
Published: Fri May 28 2021