https://live.paloaltonetworks.com/t5/general-topics/any-way-to-get-this-scenario-configured/m-p/269061#M74584 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/70284">@SThatipelly</a>,</P><P>For the IMEI sidde of things I would really recommend either scripting the setup via the API or manually including the IMEIs within the XML configuration file itself; it makes things much more manageable from that standpoint.&nbsp;</P> Wed, 12 Jun 2019 07:57:54 GMT BPry 2019-06-12T07:57:54Z https://live.paloaltonetworks.com/t5/general-topics/any-way-to-get-this-scenario-configured/m-p/268785#M74570 <P>I have GP Gateway license on my PA-5020 firewalls. I would like to allow 200 corporate owned samsung phones to access the VPN and block all other mobile phones. what are all the options I have to selectively allow them other than having a certificate authentication(because I have external clients connecting to same portal/gateway on laptops)?</P><P>&nbsp;</P><P>thank you.</P> Tue, 11 Jun 2019 15:27:45 GMT https://live.paloaltonetworks.com/t5/general-topics/any-way-to-get-this-scenario-configured/m-p/268785#M74570 SThatipelly 2019-06-11T15:27:45Z https://live.paloaltonetworks.com/t5/general-topics/any-way-to-get-this-scenario-configured/m-p/268890#M74581 <P>Hmmmm.... &nbsp;not sure why you cannot include external devices, you could send them a self signed cert.</P><P>&nbsp;</P><P>either way i would probably include HIP to my security policies and only allow access to known IEMI,s.</P> Tue, 11 Jun 2019 17:58:18 GMT https://live.paloaltonetworks.com/t5/general-topics/any-way-to-get-this-scenario-configured/m-p/268890#M74581 Mick_Ball 2019-06-11T17:58:18Z https://live.paloaltonetworks.com/t5/general-topics/any-way-to-get-this-scenario-configured/m-p/268922#M74582 <P>manually entering IMEis is a admin nightmare for me as the device count is 200+. I wish palo supports importing a list of IMEI.</P> Tue, 11 Jun 2019 18:37:24 GMT https://live.paloaltonetworks.com/t5/general-topics/any-way-to-get-this-scenario-configured/m-p/268922#M74582 SThatipelly 2019-06-11T18:37:24Z https://live.paloaltonetworks.com/t5/general-topics/any-way-to-get-this-scenario-configured/m-p/269061#M74584 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/70284">@SThatipelly</a>,</P><P>For the IMEI sidde of things I would really recommend either scripting the setup via the API or manually including the IMEIs within the XML configuration file itself; it makes things much more manageable from that standpoint.&nbsp;</P> Wed, 12 Jun 2019 07:57:54 GMT https://live.paloaltonetworks.com/t5/general-topics/any-way-to-get-this-scenario-configured/m-p/269061#M74584 BPry 2019-06-12T07:57:54Z https://live.paloaltonetworks.com/t5/general-topics/any-way-to-get-this-scenario-configured/m-p/269283#M74603 <P>Hello,</P><P>How about controling it by who can authenticate to the portal?</P><P>&nbsp;</P><P>Just a thought.</P> Wed, 12 Jun 2019 16:28:01 GMT https://live.paloaltonetworks.com/t5/general-topics/any-way-to-get-this-scenario-configured/m-p/269283#M74603 OtakarKlier 2019-06-12T16:28:01Z https://live.paloaltonetworks.com/t5/general-topics/any-way-to-get-this-scenario-configured/m-p/269285#M74604 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/27580">@OtakarKlier</a>&nbsp;yes I have that enabled. That would limit the user accounts. i would also like to limit the phones.</P> Wed, 12 Jun 2019 16:31:58 GMT https://live.paloaltonetworks.com/t5/general-topics/any-way-to-get-this-scenario-configured/m-p/269285#M74604 SThatipelly 2019-06-12T16:31:58Z