PAP protocol , NPS, Azure MFA and Global Protect VPN

SingaUser-9433 21 Reputation points

Hi MS,

We are using Palo Alto Global Protect VPN that supports PAP and PEAP-MACHAPv2.

We have successfully setup RADIUS, NPS extension with Azure MFA, and using the PAP protocol the MFA login is working fine.
CHAP is not working.

But we know that PAP is less secured and weaker protocol.
Please let us if it is safe and secure to use PAP with NPS extension and MFA with Global protect VPN?
Also let us know how and where is the PAP protocol is used in the entire process of authentication of the above?

Thank you.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,960 questions
{count} votes

Accepted answer
  1. Sunny Qi 10,896 Reputation points Microsoft Vendor


    Thanks for posting in Q&A platform.

    Please understand that we are not familiar with Azure MFA and Global Protect VPN.

    For PAP protocol, it is the least safe authentication methods. PAP works basically the same way as the normal login procedure. The client authenticates itself by sending a user name and an (optionally encrypted) password to the server, which the server compares to its secrets database. This technique is vulnerable to eavesdroppers who may try to obtain the password by listening in on the serial line, and to repeated trial and error attacks.

    Best Regards,


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

0 additional answers

Sort by: Most helpful