Introduction, Scope of document, Prerequisites – HID Palo Alto Networks and ActivID AS User Manual

ActivID Appliance RADIUS and Palo Alto Networks Integration | RADIUS Channel Integration Handbook
External Release | © 2014 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
1.0 Introduction
Palo Alto Networks GlobalProtect provides security for host systems, such as laptops, that are used in the field by
allowing easy and secure login from anywhere in the world. With GlobalProtect, users are protected against
threats even when they are not on the enterprise network, and application and content usage is controlled on the
host system to prevent leakage of data, and other types of security breaches. This document covers the
configuration of GlobalProtect with ActivID Appliance for remote access VPN with HID Global solutions.
The HID Global ActivID solutions that work with Palo Alto Networks incorporate VPN solutions that are versatile,
with strong authentication that is flexible, scalable, and simple to manage. HID Global Identity Assurance offers
two solutions:
• ActivID® AAA Server for Remote Access addresses the security risks associated with a mobile
workforce remotely accessing systems and data.
• ActivID® Appliance offers support for multiple authentication methods that are useful for diverse
audiences across a variety of service channels (SAML, RADIUS, etc.), including user name and
password, mobile and PC soft tokens, one-time passwords, and transparent Web soft tokens.
1.1 Scope of Document
This document explains how to set up ActivID Appliance authentication with Palo Alto Networks GlobalProtect via
a RADIUS channel. Use this handbook to enable authentication via a hard/soft token or an OTP received by
Email/SMS for use with an SSL-protected Palo Alto Networks VPN.
1.2 Prerequisites
• ActivID Appliance 7.2 SP1 and later
• Palo Alto Networks PAN OS 6.0 and later
• GlobalProtect is already installed
• For OOB authentication (Optional): There is an existing Short Message Peer-to-Peer Protocol /
Simple Mail Transfer Protocol (SMPP/SMTP) gateway to send one-time-password OOB codes to
users.