SyferLock Help Center

Integration Overview

This overview defines the general architecture for integrating the SyferLock GridGuard Server (virtual appliance) with the Palo Alto Firewall running PAN-OS 7.0+.

Goal

The primary goal of this integration is to provide an enhanced level of security by adding strong authentication when using the Palo Alto Firewall to access protected internal resources. Using either the Captive Portal or the GlobalProtect Client, Palo Alto users will be able to use SyferLock's GridGuard technology to protect these resources with enhanced authentication methods.

Architecture Diagram - Captive Portal

The flow of the Captive Portal integration is:

  • The user (1) attempts to access a protected resource on a private network server (5) behind the firewall/router (2)
  • A rule on the firewall prevents this access, instead displaying the Captive Portal login page (3)
  • The Captive Portal page (3) uses the GridJS API to communicate with the GridGuard server (4) to display an embedded Grid to the user
  • The user (1) then enters their Username and GridCode and submits to the firewall (2)
  • The firewall (2) uses the RADIUS protocol to authenticate the user with the GridGuard server (4)
  • If authentication is successful, the firewall (2) allows access to the protected resource (5)

Architecture Diagram - GlobalProtect Client

The flow of the GlobalProtect integration is:

  • The user (1) launches the GlobalProtect client (2) and enters their UserID and GridCode (3), which is determined from the GridSoftToken installed on a mobile device such as a smartphone. The GridSoftToken is synchronized with the GridGuard server (4) at the time of installation.
  • The GlobalProtect client (2) then attempts authentication with the firewall (6)
  • The firewall (6) uses the RADIUS protocol to authenticate the user with the GridGuard server (4)
  • If authentication is successful, the firewall (6) allows access to the protected resource (5)
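
Both flows end with the firewall acting as a RADIUS client to the GridGuard server. The following is an added example, not SyferLock or Palo Alto code, of that exchange as defined in RFC 2865: the firewall hides the GridCode under the shared secret, the server recovers it, and the firewall checks the reply's authenticator before granting access. It assumes PAP, so the GridCode travels in the User-Password attribute; the user name, GridCode and shared secret in the usage are constructed values.

```python
import hashlib, hmac, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD = 1, 2

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\0")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def reveal_password(hidden, secret, req_auth):
    """Server side: undo hide_password with the same shared secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\0")

def _attr(kind, value):
    return bytes([kind, len(value) + 2]) + value

def access_request(ident, user, gridcode, secret, req_auth):
    """Firewall side (assumes PAP): user name plus hidden GridCode."""
    hidden = hide_password(gridcode, secret, req_auth)
    attrs = _attr(USER_NAME, user) + _attr(USER_PASSWORD, hidden)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def parse_attrs(packet):
    attrs, pos = {}, 20  # attributes start after the 20-byte header
    while pos + 2 <= len(packet):
        kind, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[kind] = packet[pos + 2:pos + length]
        pos += length
    return attrs

def build_reply(code, ident, req_auth, secret):
    """Server side: the authenticator binds the reply to the request and secret."""
    head = struct.pack("!BBH", code, ident, 20)
    return head + hashlib.md5(head + req_auth + secret).digest()

def verify_reply(reply, req_auth, secret):
    """Firewall side: accept only a reply computed with the shared secret."""
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])
```

In a real exchange `req_auth` is 16 fresh random bytes per request (for example `os.urandom(16)`). Because the GridCode is protected only by this MD5-based hiding, the shared secret between the firewall and the GridGuard server should be long and random.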