https://live.paloaltonetworks.com/t5/general-topics/restrict-globalprotect-connection-from-a-single-linux-computer/m-p/303221#M78942 <P>My recommendation is use a client certificate, installed on the Linux computer, that will allow only that computer to authenticate.</P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/globalprotect/8-1/globalprotect-admin/authentication/about-globalprotect-user-authentication/supported-globalprotect-authentication-methods/client-certificate-authentication.html" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/globalprotect/8-1/globalprotect-admin/authentication/about-globalprotect-user-authentication/supported-globalprotect-authentication-methods/client-certificate-authentication.html</A></P><P>&nbsp;</P><P>It is recommended that you have a Global Protect Gateway license, and if you do, then you can do host information profile checks, that indeed, would use the OS and/or a serial number as an "inspection" prior to being able to gain access to the VPN.</P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/globalprotect/7-1/globalprotect-admin/use-host-information-in-policy-enforcement/about-host-information" target="_blank">https://docs.paloaltonetworks.com/globalprotect/7-1/globalprotect-admin/use-host-information-in-policy-enforcement/about-host-information</A></P><P>&nbsp;</P><P>&nbsp;</P><P>Please review this doc and let us know if there are any questions.</P> Wed, 11 Dec 2019 14:38:11 GMT S.Cantwell 2019-12-11T14:38:11Z https://live.paloaltonetworks.com/t5/general-topics/restrict-globalprotect-connection-from-a-single-linux-computer/m-p/303213#M78941 <P>Hi everyone,</P><P>&nbsp;</P><P>I must to implement some VPN access control based on computers. By this way, a user will only be able to connect to VPN if agent is executed from a specific computer.</P><P>&nbsp;</P><P>I have read the documentation but I don't find if I can restrict the computer from where a user connects to VPN. All VPN clients are Linux and the control can be based on MAC address or serial ID.</P><P>&nbsp;</P><P>Thanks beforehand.</P> Wed, 11 Dec 2019 13:58:41 GMT https://live.paloaltonetworks.com/t5/general-topics/restrict-globalprotect-connection-from-a-single-linux-computer/m-p/303213#M78941 mikiTeleco 2019-12-11T13:58:41Z https://live.paloaltonetworks.com/t5/general-topics/restrict-globalprotect-connection-from-a-single-linux-computer/m-p/303221#M78942 <P>My recommendation is use a client certificate, installed on the Linux computer, that will allow only that computer to authenticate.</P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/globalprotect/8-1/globalprotect-admin/authentication/about-globalprotect-user-authentication/supported-globalprotect-authentication-methods/client-certificate-authentication.html" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/globalprotect/8-1/globalprotect-admin/authentication/about-globalprotect-user-authentication/supported-globalprotect-authentication-methods/client-certificate-authentication.html</A></P><P>&nbsp;</P><P>It is recommended that you have a Global Protect Gateway license, and if you do, then you can do host information profile checks, that indeed, would use the OS and/or a serial number as an "inspection" prior to being able to gain access to the VPN.</P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/globalprotect/7-1/globalprotect-admin/use-host-information-in-policy-enforcement/about-host-information" target="_blank">https://docs.paloaltonetworks.com/globalprotect/7-1/globalprotect-admin/use-host-information-in-policy-enforcement/about-host-information</A></P><P>&nbsp;</P><P>&nbsp;</P><P>Please review this doc and let us know if there are any questions.</P> Wed, 11 Dec 2019 14:38:11 GMT https://live.paloaltonetworks.com/t5/general-topics/restrict-globalprotect-connection-from-a-single-linux-computer/m-p/303221#M78942 S.Cantwell 2019-12-11T14:38:11Z