Enable the GlobalProtect portal or gateway to send Vendor-Specific Attributes (VSAs)
to a RADIUS server during authentication, allowing RADIUS administrators to perform
administrative tasks based on those attributes.
When communicating with portals or gateways,
GlobalProtect endpoints send information that includes the endpoint
IP address, operating system (OS), hostname, user domain, and GlobalProtect
app version. You can enable the firewall to send this information
as Vendor-Specific Attributes (VSAs) to a RADIUS server during authentication
(by default, the firewall does not send the VSAs). RADIUS administrators
can then perform administrative tasks based on those VSAs. For example,
RADIUS administrators might use the OS attribute to define a policy
that mandates regular password authentication for Microsoft Windows
users and one-time password (OTP) authentication for Google Android users.
The
following are prerequisites for this procedure:
