04-07-2021 08:23 AM
I need 2FA for administrator access to PaloAlto firewalls. Not SSO. The user credentials cannot be Active Directory for PCI reasons. The accounts for the administrators will need to be in Duo, and the admins will need to be able to change their passwords. Am I correct this will be a Radius setup ? Which DUO “edition” will I need for this? We have 6 firewall admins that will need this. TIA
Greg
04-07-2021 02:49 PM
Hey @gregfuchs,
You can use RADIUS via the Duo Authentication Proxy application on any Duo Edition.
You’ll want to follow our Palo Alto documentation all the way through the section that describes setting up the Authentication Profile.
Duo can only protect administrator logins that use an Authentication Profile. Not ones that live locally on the appliance.
You can add the Authentication Profile to an existing administrator, or add a new administrator (using sAMAccountName as the username) by going to Device > Administrators > Add.
Select the Authentication Profile that you created earlier to point towards the Duo Authentication Proxy.
One quick callout is that you have the option to change between [radius_server_auto], as seen in our documentation, and [radius_server_challenge]. What gives you is a more interactive UI when logging in, as opposed to an automatic Duo Push.
Let us know if you have any questions, or feel free to email our Technical Support Team at support@duo.com.
Thanks!
Colin
06-01-2021 01:51 PM
Hello, I am new to this so excuse my questions in advance.
Has anyone gotten this to work? If so do you have specific instructions to get it setup?
Thank you,
Tom
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide