https://www.jumpcloud.com
My JumpCloud user has been defined as ken.felix and he has enrolled. This user will be enabled as a PAN-OS admin in the firewall.
PAN-OS requires you to define the admin user and attach an authentication-profile. I also have a service-route because I'm using my public interface and dataplane to gain access to JumpCloud's LDAP-aaS LDAPS server.
The PAN-OS test command allows us to validate the user and connectivity to JumpCloud. It will also confirm the base and bind DN values.
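The steps above, written out as PAN-OS CLI commands. This is an added example, not the configuration from the original post. The profile names (JC-LDAP, JC-AUTH), the server entry name, the interface, the source address, the superuser role, and every <PLACEHOLDER> are assumptions to replace with your own values; lines starting with # are annotations, not commands.

```text
# --- configuration mode ---
# LDAP server profile pointing at JumpCloud LDAP-aaS over LDAPS (TCP 636)
set shared server-profile ldap JC-LDAP server jumpcloud address ldap.jumpcloud.com
set shared server-profile ldap JC-LDAP server jumpcloud port 636
set shared server-profile ldap JC-LDAP ldap-type other
set shared server-profile ldap JC-LDAP base "ou=Users,o=<ORG_ID>,dc=jumpcloud,dc=com"
set shared server-profile ldap JC-LDAP bind-dn "uid=<BIND_USER>,ou=Users,o=<ORG_ID>,dc=jumpcloud,dc=com"
set shared server-profile ldap JC-LDAP bind-password <BIND_PASSWORD>
# Require TLS and validate the server certificate so the bind
# password and admin credentials never cross the internet in clear text
set shared server-profile ldap JC-LDAP ssl yes
set shared server-profile ldap JC-LDAP verify-server-certificate yes

# Authentication profile that uses the LDAP server profile;
# JumpCloud usernames are matched on the uid attribute
set shared authentication-profile JC-AUTH method ldap server-profile JC-LDAP
set shared authentication-profile JC-AUTH method ldap login-attribute uid
set shared authentication-profile JC-AUTH allow-list all

# Admin account with no local password: authentication is
# delegated to the profile. Pick the narrowest role that fits.
set mgt-config users ken.felix authentication-profile JC-AUTH
set mgt-config users ken.felix permissions role-based superuser yes

# Service route: source LDAP traffic from a dataplane interface
# instead of the management port (interface/address are assumptions)
set deviceconfig system route service ldap source interface ethernet1/1
set deviceconfig system route service ldap source address 203.0.113.10/24
commit

# --- operational mode ---
# Validates reachability, the bind DN, the base DN and the user's
# password in one step; prompts for the password interactively
test authentication authentication-profile JC-AUTH username ken.felix password
```

If the test fails at the bind step, check the org ID in both DNs first; if it times out, check the service route and that TCP 636 is allowed outbound from the chosen interface.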
We can review systems admin and logs for details.
NOTE: In the JumpCloud admin portal, to disable the remote user, remove the account name from the LDAP group.
You can combine JumpCloud RADIUS-aaS with Duo and provide simple MFA authentication similar to this approach:
http://socpuppet.blogspot.com/2017/04/securing-fortigate-sslvpn-with-mfa-by.html
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \