topic Re: GlobalProtect client in General Topics https://live.paloaltonetworks.com/t5/general-topics/globalprotect-client/m-p/14175#M10414 <HTML><HEAD></HEAD><BODY><P>Hi, Cisco's tunnel group and group policies cannot directly migrated into PA Global Protect gateway. The rule is a single PSK/CERT group per GP gateway, once you need more a new gateway has to be created.</P><P></P><P>In Cisco vision the use of multiple vpn-group was done to segregate traffic in layer3+ pool containers, using PA and its user identification, always present in GP, you can achieve the same security level with only one gateway (and related tunnel group) with a bunch of security rules based on User-ID.</P></BODY></HTML> Mon, 19 May 2014 11:42:41 GMT NGS_SOC 2014-05-19T11:42:41Z GlobalProtect client https://live.paloaltonetworks.com/t5/general-topics/globalprotect-client/m-p/14174#M10413 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 12pt;">Hi</SPAN></P><P><SPAN style="font-size: 12pt;"><BR /></SPAN></P><P><SPAN style="font-size: 12pt;">Any one familiar with Cisco's ipsec vpn-groups ? just wanted to find out how the concept can be implemented with PA.</SPAN></P><P></P><P><SPAN style="font-size: 12pt;">Regards</SPAN></P><P></P><P><SPAN style="font-size: 12pt;">Darlington</SPAN></P></BODY></HTML> Fri, 16 May 2014 16:14:13 GMT https://live.paloaltonetworks.com/t5/general-topics/globalprotect-client/m-p/14174#M10413 dmoyo 2014-05-16T16:14:13Z Re: GlobalProtect client https://live.paloaltonetworks.com/t5/general-topics/globalprotect-client/m-p/14175#M10414 <HTML><HEAD></HEAD><BODY><P>Hi, Cisco's tunnel group and group policies cannot directly migrated into PA Global Protect gateway. The rule is a single PSK/CERT group per GP gateway, once you need more a new gateway has to be created.</P><P></P><P>In Cisco vision the use of multiple vpn-group was done to segregate traffic in layer3+ pool containers, using PA and its user identification, always present in GP, you can achieve the same security level with only one gateway (and related tunnel group) with a bunch of security rules based on User-ID.</P></BODY></HTML> Mon, 19 May 2014 11:42:41 GMT https://live.paloaltonetworks.com/t5/general-topics/globalprotect-client/m-p/14175#M10414 NGS_SOC 2014-05-19T11:42:41Z