I'm working with a customer who requrested that we integrate ClearPass with both their Palo Alto and Juniper firewalls (which are currently using Duo Cloud as 2FA for VPN users). The idea being that incoming users would be subject to additional checks and and that the integration allow for single pane viewing in access tracker.
In their current setup, Duo is integrated into their Palos using native methods:
Client (Global Protect) -> Palo Alto -> Duo (AD Connector) : Access Accept
I'm wondering if it's possible to re-architect the existing solultion to integrate CP into the process:
Client (Global Protect) -> Palo Alto -> ClearPass -> Duo (AD Connector) : Access Accept
I haven't found much via the way of documentation on this solution and I'm not sure if it's supported without an on-prem Duo proxy but I'd like to assess my options for integration.
Any insight that can be provided would be greatly appreciated!
Thanks in advance!
Solved! Go to Solution.