The Authentication Profiles available on the PaloAlto device limit the usage of the GridGuard server (virtual appliance) to only RADIUS. Therefore, a RADIUS Server Profile must be created on the PaloAlto device.
Create RADIUS Profile
Setup Profile Name
This step creates the RADIUS Server profile for GridGuard. The Secret is used as an authentication key to secure traffic between the PaloAlto device and the GridGuard server (virtual appliance), and is the same as entered on the RADIUS configuration screen on the GridGuard virtual appliance.
- Give the Profile a name (e.g., 'GridRadiusProfile')
- Click Add
- Enter RADIUS server details
(RADIUS Server is FQDN of GridGuard virtual appliance, Secret is used on the GridGuard virtual appliance)
Create RADIUS Authentication Profile
Add RADIUS profile
Once the Server Profile is created, an Authentication Profile must be created that uses that server definition.
- Navigate to Device->Authentication Profile
- Click Add
Set Profile Details
When creating the Authentication Profile, if you plan on using Active Directory groups for Access Control Group, make sure that the User Domain is set to the correct domain. This ensures that the mapping of user to domain is done correctly. User or Group Assignment may also be done under the Advanced tab in this dialog if you want to limit the RADIUS profile itself.
- In the Dialog, give it a name (e.g., "GridRadius").
- If you plan to use LDAP groups to authorize users, make sure to set this value to the Active Directory domain that is used.
- On the Advanced tab, set either to 'all', or to whatever group/users can use this authentication profile.