Palo Alto Networks Firewall Integration
Stolen user credentials create a risk of unauthorized access to accounts. The SecTrail verification server addresses this by adding a further authentication step.
This document describes how to implement two-factor authentication with a one-time password (SoftOTP) using SecTrail for Palo Alto Networks Firewall.
Integration of SecTrail with Palo Alto Networks Firewall
- Credentials are entered on the login screen of Palo Alto Networks Firewall.
- The information (username and password) is sent as a RADIUS request from Palo Alto Networks Firewall to the SecTrail server.
- SecTrail performs user authentication (Active Directory, Database, etc.) and sends a RADIUS response to Palo Alto Networks Firewall. If the authentication is successful, SecTrail sends a one-time password via SMS or email to the address obtained from the user information in the database (AD, LDAP, Local). An external SMS proxy or email server is used for sending. When a software key (SoftOTP) is used, the password is generated by the SecTrail Authenticator mobile application.
- If the response is successful, Palo Alto Networks Firewall presents the second screen to the user.
- The user enters the one-time password sent by SecTrail via SMS or email, or generated by the SecTrail Authenticator mobile application.
- Palo Alto Networks Firewall sends the one-time password to SecTrail as a RADIUS request.
- SecTrail verifies the one-time password and sends the response to Palo Alto Networks Firewall.
- If the response is successful, Palo Alto Networks Firewall allows the user access and starts the session.
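The two RADIUS round trips in the steps above, modelled in Python as an added example (not SecTrail or Palo Alto Networks code). It assumes the standard RADIUS challenge flow from RFC 2865 (Access-Challenge with a State attribute), which the page does not name; the user store, OTP lifetime, retry limit and all function names are constructed for illustration.

```python
import hmac, secrets, time

USERS = {"alice": "correct horse"}   # constructed; stands in for AD/LDAP/local DB
OTP_TTL, MAX_TRIES = 120, 3          # assumed policy values, not from the page

def same(a, b):                      # constant-time string comparison
    return hmac.compare_digest(a.encode(), b.encode())

class OtpServer:
    """Server side of the flow: password check, OTP issue, OTP check."""
    def __init__(self, deliver, now=time.time):
        self.deliver, self.now = deliver, now   # deliver stands in for SMS/email
        self.pending = {}             # State -> [user, otp, expiry, tries_left]

    def handle(self, req):           # Access-Request attributes -> (reply, attributes)
        if "State" in req:
            return self._check_otp(req)
        user, expected = req["User-Name"], USERS.get(req["User-Name"])
        if expected is None or not same(expected, req["User-Password"]):
            return "Access-Reject", {}
        otp, state = f"{secrets.randbelow(10**6):06d}", secrets.token_hex(16)
        self.pending[state] = [user, otp, self.now() + OTP_TTL, MAX_TRIES]
        self.deliver(user, otp)
        return "Access-Challenge", {"State": state}

    def _check_otp(self, req):
        entry = self.pending.get(req["State"])
        if entry is None or entry[0] != req["User-Name"] or self.now() > entry[2]:
            self.pending.pop(req["State"], None)   # unknown, foreign or expired
            return "Access-Reject", {}
        if same(entry[1], req["User-Password"]):
            del self.pending[req["State"]]         # single use: replay finds nothing
            return "Access-Accept", {}
        entry[3] -= 1
        if entry[3] <= 0:                          # guessing budget exhausted
            del self.pending[req["State"]]
        return "Access-Reject", {}

def demo_login(password, otp_typed=None):
    """Firewall side: run both requests, return the list of replies seen."""
    sent = {}
    srv = OtpServer(lambda user, otp: sent.update({user: otp}))
    reply, attrs = srv.handle({"User-Name": "alice", "User-Password": password})
    seen = [reply]
    if reply == "Access-Challenge":                # firewall shows the second screen
        otp = sent["alice"] if otp_typed is None else otp_typed
        req = {"User-Name": "alice", "User-Password": otp, "State": attrs["State"]}
        seen += [srv.handle(req)[0], srv.handle(req)[0]]   # second send is a replay
    return seen
```

In this model the one-time password is tied to the State value issued after the password check, so it cannot be submitted without passing the first factor, and it is discarded on success, expiry or too many wrong attempts.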
Mobile Application Support
If you want to use SoftOTP, you can ensure your security through the SecTrail Authenticator mobile application.
You can download the SecTrail Authenticator application to your mobile device from the Apple App Store or Google Play Store.