I'm struggling to get what should be a simple palo alto firewall radius solution to work with okta's radius server client with eap-ttls. They apparently don't support this with their native palo alto app and asked to try using a Cisco ASA or Meraki radius app, which do seem to have eap-ttls options. Neither work with the palo. Has anyone had success with a similar implementation?
Fwiw I did run packet captures but they seem to get stuck in an access-request <> access-challenge loop. The okta radius agent seems to not send any eap data in the reply which may be the key here. Other authentication options like PAP or CHAP are not an option in my environment, and unfortunately neither is SAML for this use case.
No comments:
Post a Comment