Authentication Changes in PAN-OS 8.1
PEAP-MSCHAPv2 is now the default Authentication Protocol for RADIUS in PAN-OS 8.1; the Auto option is deprecated.
PAN-OS 8.1 has the following change in default behavior for Authentication features:
|Extensible Authentication Protocol (EAP) Support for RADIUS|
All new RADIUS server profiles use PEAP-MSCHAPv2 as the default Authentication Protocol, and the Make Outer Identity Anonymous option is enabled by default.
The Auto option for the Authentication Protocol has been deprecated. With this deprecation, after you upgrade a firewall that was previously configured to use Auto, the firewall will use CHAP or PAP based on the protocol that was in use before the upgrade; a firewall that was not configured to use RADIUS authentication before upgrade will default to CHAP.
After you upgrade, Panorama templates use CHAP as the default authentication protocol.
When you downgrade a firewall that was configured to use PEAP-MSCHAPv2, PEAP with GTC, or EAP-TTLS with PAP, the firewall will default to CHAP.
Authentication CLI and XML API Changes
CLI and XML API changes to authentication features in PAN-OS 8.1. ...
Upgrade/Downgrade Considerations The following table lists the new features that have upgrade or downgrade impacts. Make sure you understand all potential changes before you upgrade ...
Configure RADIUS Authentication
Configure RADIUS Authentication You can configure RADIUS authentication for end users and firewall or Panorama administrators. For administrators, you can use RADIUS to manage authorization ...
Extensible Authentication Protocol (EAP) Support for RADIUS
RADIUS authentication supports PEAP-MSCHAPv2, PEAP with GTC, or EAP-TTLS with PAP for GlobalProtect & Captive Portal authentication & admin access to the firewall & Panorama. ...
Device > Server Profiles > RADIUS
Device > Server Profiles > RADIUS Select Device Server Profiles RADIUS or Panorama Server Profiles RADIUS to configure settings for the Remote Authentication Dial-In User ...
Set Up RADIUS or TACACS+ Authentication
Set Up RADIUS or TACACS+ Authentication RADIUS is a client/server protocol and software that enables remote access servers to communicate with a central server to ...
Device > Server Profiles > TACACS+
Device > Server Profiles > TACACS+ Select Device Server Profiles TACACS+ or Panorama Server Profiles TACACS+ to configure the settings that define how the firewall ...