Configure Client Authentication in GlobalProtect Gateway
On the Network tab, navigate to GlobalProtect then Gateways
Click on your configured GlobalProtect gateway, e.g. SSL-VPN, to bring up the configuration window.
Click the Authentication tab
In the Authentication tab, remove the current client authentication if any
Click the Add button to add a new client authentication
Client Authenticaiton window
In Name field, enter DualShield Radius, or any descriptive name you like
In Authentication field, Select the authentication profile created in a previous step, e.g. DualShield Radius
Click OK to save the settings
(Optional) If you aren't using authentication override cookies on your GlobalProtect Gateway already, you may want to enable it to minimize DualShield Radius authentication requests at client reconnection during one gateway session. Refer to the GlobalProtect cookie authentication documentation to fully understand this feature before enabling it.
Click the Agent tab on the left and then click the Client Settings tab.
Click on the name of your config to open it.
(Optional) On the "Authentication Override" tab check the option Generate cookie for authentication override and Accept cookie for authentication override
Set a cookie lifetime and select a certificate to use with the cookie. Note that users will not need to repeat 2FA after their initial success when reconnecting during the cookie lifetime duration.
Click OK (twice if you also enabled authentication override cookies) to save the GlobalProtect Gateway settings.