Why does gateway authentication fail when Portal Auth is successful when SAML Authentication is configured for both?

Created On 02/11/21 00:36 AM - Last Modified 01/27/25 21:08 PM


Question


Why does gateway authentication fail when Portal Auth is successful? SAML Authentication is configured for both Portal and Gateway.

Environment


  • Firewall: Prisma Access / STRATA
  • Software version: 8.1.x, 9.0.x, 9.1.x
  • GlobalProtect version: 5.1.x, 5.2.x


Answer


  1. In the GUI, under Network > GlobalProtect > Portals > (Portal name) > Agent > (Agent name) > Authentication > Components that require Dynamic Passwords (Two-Factor Authentication), the options "External gateways-manual only" and "External gateways-auto discovery" were checked.
  2. This option forces the client to use dynamic passwords to connect to the gateway, and the client was not getting the gateway authentication prompt.
  3. Disable this option and the GlobalProtect client will be able to authenticate to the portal and gateway successfully.

(Screenshot: Portal Agent config)


 

