Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1142
Views
0
Helpful
2
Replies

PaloAlto Administrator 2FA

gregfuchs
Level 1
Level 1

‎04-07-2021 08:23 AM

I need 2FA for administrator access to PaloAlto firewalls. Not SSO. The user credentials cannot be Active Directory for PCI reasons. The accounts for the administrators will need to be in Duo, and the admins will need to be able to change their passwords. Am I correct this will be a Radius setup ? Which DUO “edition” will I need for this? We have 6 firewall admins that will need this. TIA

Greg

Labels:
0 Helpful
2 Replies 2

colin_medfisch
Cisco Employee
Cisco Employee

‎04-07-2021 02:49 PM

Hey @gregfuchs,

You can use RADIUS via the Duo Authentication Proxy application on any Duo Edition.

You’ll want to follow our Palo Alto documentation all the way through the section that describes setting up the Authentication Profile.

Duo can only protect administrator logins that use an Authentication Profile. Not ones that live locally on the appliance.

You can add the Authentication Profile to an existing administrator, or add a new administrator (using sAMAccountName as the username) by going to Device > Administrators > Add.
Select the Authentication Profile that you created earlier to point towards the Duo Authentication Proxy.

One quick callout is that you have the option to change between [radius_server_auto], as seen in our documentation, and [radius_server_challenge]. What gives you is a more interactive UI when logging in, as opposed to an automatic Duo Push.

2X_e_ea43aa09ff6b40c99323da7541f2bec41bb7df79.png

Let us know if you have any questions, or feel free to email our Technical Support Team at support@duo.com.

Thanks!
Colin

0 Helpful

thoff
Level 1
Level 1
In response to colin_medfisch

‎06-01-2021 01:51 PM

Hello, I am new to this so excuse my questions in advance.
Has anyone gotten this to work? If so do you have specific instructions to get it setup?
Thank you,
Tom

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents