Unfortunately for me, my current job as an IT Director probably rests on nailing a major project deliverable within the next ~5-7 business days.
I only have one full-time network/security engineer, so we hired a consulting company to help us with integrating:
Duo MFA,
Palo Alto VPN,
and Clearpass
Our goal was "simple" -- have a user log into the Palo Alto Global Protect VPN, confirm auth with Duo MFA, and then pass Clearpass OnGuard posture checking, before finally being placed into one of a handful of authorized VLANs (based on security groups in AD).
Right now, we have all of this "almost working" but with a Duo proxy server (some sort of RADIUS server?). The problem is that the Duo proxy server only talks MS CHAP v2 and the Palo only talks CHAP. The consultant looked at getting the Duo working directly with Clearpass instead of the Palo, but so far no joy.
So, our current goal is to use Duo MFA directly with Clearpass (via an API?) to place users coming in via the Palo VPN into a particular VLAN.
ANY assistance (guides, links, etc) is most sincerely appreciated. Please let me know if you need more info, and I can have my network engineer post here as well.