返回
-
标题
Palo Alto device does not appear to accept the first Defender token response -
说明
When using a Palo Alto device with Defender the first token response does not appear to be accepted.
However a second response from the same token does work. -
原因
3rd Party configuration -
解决办法
Note that this is a 3rd party configuration issue and not an issue with Defender.
We recommend opening a case with Palo Alto support to check your configuration.
Response from Palo Alto support for reference:
---------------
The Global Protect Client will always authenticate to both the Global Protect Portal (to pull new config etc) and then the Gateway (which is the actual VPN service).
The Portal/Gateway should have been configured to cache the OTP used on the initial Portal authentication and re-use it when connecting to the Gateway.
---------------