https://live.paloaltonetworks.com/t5/general-topics/global-protect-basic-mode-for-android-and-pc-licensing-and/m-p/1066#M826 <HTML><HEAD></HEAD><BODY><P>Hi Don,</P><P>We came across a similar requirement as we operate in a mixed device environment and as such use android/ios devices with Xauth-psk (using the native OS client) as opposed to certificates and accept the tradeoff between risk/functionality. </P><P>Just in case it gives you ideas on how to solve your second interface issue, we use the single portal instance configured with multiple gateways (bound to loopbacks) such that a windows/mac device wishing to run the globalprotect client can point at the portal and receive its configuration, whilst other devices can point at the address of their gateway to establish the IPSec tunnel and obtain appropriate IP addressing/policies etc. </P><P>cheers</P><P>damian</P></BODY></HTML> Mon, 12 Nov 2012 20:08:45 GMT dsouthard 2012-11-12T20:08:45Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-basic-mode-for-android-and-pc-licensing-and/m-p/1064#M824 <HTML><HEAD></HEAD><BODY><P>Hello everyone, one of my customers wants to connect using their Android smartphone.&nbsp; I read the doc, seems like the only gotcha is it requires client certs.&nbsp; If I do this, then all SSLVPN users will be required to have client certs.&nbsp; I did not see a way to allow android/ios devices to use client certs while allowing PC's to simply connect in.</P><P></P><P>Has anyone else been faced by this?</P><P></P><P>Also - there is the question of licensing.&nbsp; I have received different answers so I am asking once again,.&nbsp; If I understand correctly:</P><P>1.&nbsp; The PA comes with a portal and SINGLE gw (no license required)&nbsp; </P><P>2.&nbsp;&nbsp; I wanted to have a 2nd sslvpn on a second WAN interface, then I would need to purchase a "gateway License."</P><P></P><P>This is in a HA pair- so will I need a 2nd license\for the Passive PA firewall?</P><P></P><P>Any verification of this woudl be much appreciated,</P><P></P><P>Regards,</P><P></P><P>Don </P></BODY></HTML> Thu, 08 Nov 2012 20:59:03 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-basic-mode-for-android-and-pc-licensing-and/m-p/1064#M824 dbrenipc 2012-11-08T20:59:03Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-basic-mode-for-android-and-pc-licensing-and/m-p/1065#M825 <HTML><HEAD></HEAD><BODY><P>License requirements ::</P><P></P><P>GlobalProtect portal license is one time permanent license. The gateway license is a one or three year</P><P>subscription license.</P><P>1. No license is required for single portal/ gateway deployment without Host checks</P><P>2. Only&nbsp; a portal license is required for multiple gateway deployment without Host check</P><P>3. Portal license and gateway subscription license is required when Host check is implemented, either</P><P>with single or multiple gateways</P><P></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #ffffff;">2nd sslvpn on a second WAN interface would be a Multiple Gateway with Single Portal&nbsp; which would need a&nbsp; portal license.</SPAN></P><P><SPAN style="color: #000000; font-size: 12px; background-color: #ffffff; font-family: Arial, Helvetica, sans-serif;">This is in a HA pair- so will I need a 2nd license\for the Passive PA firewall? :<STRONG>Yes</STRONG></SPAN></P><P><SPAN style="color: #000000; font-size: 12px; background-color: #ffffff; font-family: Arial, Helvetica, sans-serif;"><BR /></SPAN></P><P>Ref:<SPAN style="font-size: 11.0pt; font-family: 'Calibri','sans-serif';"><A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-2020">https://live.paloaltonetworks.com/docs/DOC-2020</A></SPAN></P></BODY></HTML> Fri, 09 Nov 2012 07:32:26 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-basic-mode-for-android-and-pc-licensing-and/m-p/1065#M825 UhMayYeah 2012-11-09T07:32:26Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-basic-mode-for-android-and-pc-licensing-and/m-p/1066#M826 <HTML><HEAD></HEAD><BODY><P>Hi Don,</P><P>We came across a similar requirement as we operate in a mixed device environment and as such use android/ios devices with Xauth-psk (using the native OS client) as opposed to certificates and accept the tradeoff between risk/functionality. </P><P>Just in case it gives you ideas on how to solve your second interface issue, we use the single portal instance configured with multiple gateways (bound to loopbacks) such that a windows/mac device wishing to run the globalprotect client can point at the portal and receive its configuration, whilst other devices can point at the address of their gateway to establish the IPSec tunnel and obtain appropriate IP addressing/policies etc. </P><P>cheers</P><P>damian</P></BODY></HTML> Mon, 12 Nov 2012 20:08:45 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-basic-mode-for-android-and-pc-licensing-and/m-p/1066#M826 dsouthard 2012-11-12T20:08:45Z