Submitting forms on the support site are temporary unavailable for schedule maintenance. If you need immediate assistance please contact technical support. We apologize for the inconvenience.
Palo Alto device does not appear to accept the first Defender token response
설명
When using a Palo Alto device with Defender the first token response does not appear to be accepted. However a second response from the same token does work.
원인
3rd Party configuration
해결 방안
Note that this is a 3rd party configuration issue and not an issue with Defender. We recommend opening a case with Palo Alto support to check your configuration.
Response from Palo Alto support for reference: --------------- The Global Protect Client will always authenticate to both the Global Protect Portal (to pull new config etc) and then the Gateway (which is the actual VPN service). The Portal/Gateway should have been configured to cache the OTP used on the initial Portal authentication and re-use it when connecting to the Gateway. ---------------