https://live.paloaltonetworks.com/t5/globalprotect-discussions/portal-url-for-vpn-gateway-no-authentication/m-p/448870#M2164 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43480">@BPry</a>&nbsp; From that I conclude that this is by design and no security c oncerns. "Kindly, confirm"</P><P>Thank you so much.</P> Sun, 21 Nov 2021 07:06:52 GMT MRamadanAHafiez 2021-11-21T07:06:52Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/portal-url-for-vpn-gateway-no-authentication/m-p/448802#M2161 <P>Hello Bros'</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;I have a strange issue "As I think it is issue". Our configured Portal for downloading the GlobalProtect gateway for our VPN connected employees supposed to authenticate firstly so that if from any where use internet brower <A href="https://x.y.z.k" target="_blank">https://x.y.z.k</A>&nbsp;"portal address" we acccept the certificate, then authenticate normally "name/password".</P><P>But:</P><P>if we copy the browser URL "after authentication process" and past it later on any other browser on any other PC, the URL directly and without any authentication open to the GlobalProtect downnload page.</P><P>I belive this is not normal behaviour even if this page for only downloading the available from any where else agent software.</P><P>Id this acceptable? how to correct this if it's an issue?</P><P>TIA.</P> Sat, 20 Nov 2021 15:48:41 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/portal-url-for-vpn-gateway-no-authentication/m-p/448802#M2161 MRamadanAHafiez 2021-11-20T15:48:41Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/portal-url-for-vpn-gateway-no-authentication/m-p/448813#M2162 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/159497">@MRamadanAHafiez</a>,</P> <P>This is by design, that agent download page itself isn't actually restricted at all. While I would personally consider that to be bad design, it isn't something that you can change. While this means that anyone can download the agent from your portal without entering in a username/password and authenticating, it doesn't allow someone to connect to your gateway without actually authenticating and gaining access to your network.</P> Sat, 20 Nov 2021 16:35:53 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/portal-url-for-vpn-gateway-no-authentication/m-p/448813#M2162 BPry 2021-11-20T16:35:53Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/portal-url-for-vpn-gateway-no-authentication/m-p/448870#M2164 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43480">@BPry</a>&nbsp; From that I conclude that this is by design and no security c oncerns. "Kindly, confirm"</P><P>Thank you so much.</P> Sun, 21 Nov 2021 07:06:52 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/portal-url-for-vpn-gateway-no-authentication/m-p/448870#M2164 MRamadanAHafiez 2021-11-21T07:06:52Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/portal-url-for-vpn-gateway-no-authentication/m-p/448898#M2165 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/159497">@MRamadanAHafiez</a>,</P> <P>It's by design. The only security concern that would really be raised by this is that someone&nbsp;<EM>could&nbsp;</EM>use it to launch a DoS attack against your GlobalProtect portal by downloading those files from a bunch of different sources and use it to assist in overwhelming your firewall or internet circuit.&nbsp;</P> Sun, 21 Nov 2021 21:05:20 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/portal-url-for-vpn-gateway-no-authentication/m-p/448898#M2165 BPry 2021-11-21T21:05:20Z