How to disable global protect portal exposure in public

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to disable global protect portal exposure in public

L1 Bithead

HI all,

it.s that any way I could disable the global protect portal pages exposure in public? Could I just manually install the global protect client to the pc and get the ssl VPN feature works?

7 REPLIES 7

L5 Sessionator

Distributing GlobalProtect Agent

In Active Directory environments, the GlobalProtect Agent can also be distributed to end users, using

active directory group policy. AD Group policies allows administrators to modify Windows host computer

settings and software automatically. Refer to the article at http://support.microsoft.com/kb/816102 for

more information on how to use Group Policy to auto

Alternatively ,

PAN-OS 4.1.7 and later allows the agent to be hosted on an external server for download. This helps reduce

the load on the firewall when users connect to download the agent. This accomplished by using the following

operational mode commands

• set global-protect redirect on

• set global-protect redirect location < path on the external

server>

e.g. set global-protect redirect location http(s)://host/GP/

Ref

I think it is not possible to hide portal page.

is it ?

L4 Transporter

if you use a third party client vpn

you could use only the gateway,

and you could block the portal response http by management profile configuration

I second your opinion.

I'm also very interested in a solution to disable a Portal's Response Page.
Assigning a Management Profile with disabled Response Pages doesn't work for me Smiley Sad
My Portal is bound to a Loopback IF.
PAN-OS 5.0.9

Response page option in management profile has no affect with that portal.

When you enable global protect portal a web server is automaticly works with the interface of portal by port 443.

Response page option is used by Captive Portal.

L2 Linker

You could restrict access by country code as a source address.

If your users travel in the US then you could limit access to that country code.

You could use a Dynamic DNS client on your users laptops. Then add that address to the firewall as a FQDN object.

This could also be helpful.

https://live.paloaltonetworks.com/docs/DOC-6068

  • 7794 Views
  • 7 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!