I'm trying to setup two different versions of GlobalProtect SSLVPN endpoints. I already have a single portal + gateway configuration that only routes specific /24s through the VPN. I want to add a second setup that doesn't split-tunnel and instead passes all traffic through the VPN (for use on untrusted networks like public wifi).
Do I need to create an entirely separate Portal as well as Gateway config? Or can I have a single Portal, but multiple gateway configurations, and depending on which hostname is entered in the client config it will change the behavior?
It would be nice to be able to share a public IP for this, but if that's not possible it isn't a deal-breaker (we have a /24). I *can* reuse the same SSL certificate because it is a wildcard, so different hostnames for the different endpoints isn't a problem.
When configuring multiple gateways they cannot be on the same ip address.
It is possible to have more than one gateway on a public IP, but you have to use different ports, loopback interfaces and NAT:
Do you expect the user to chose the right VPN for himself? I don't think they will even care to change the configuration just because they are in an untrusted network. Or do you have users who know that they shouldn't access the company network from untrusted networks?
You can only have one portal/gateway if you don't have a portal license.
I hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!