GlobalProtect, multiple user-selectable endpoints?

L3 Networker

I'm trying to set up two different versions of GlobalProtect SSLVPN endpoints. I already have a single portal + gateway configuration that only routes specific /24s through the VPN. I want to add a second setup that doesn't split-tunnel and instead passes all traffic through the VPN (for use on untrusted networks like public wifi).

Do I need to create an entirely separate Portal as well as Gateway config? Or can I have a single Portal, but multiple gateway configurations, and depending on which hostname is entered in the client config it will change the behavior?

It would be nice to be able to share a public IP for this, but if that's not possible it isn't a deal-breaker (we have a /24). I *can* reuse the same SSL certificate because it is a wildcard, so different hostnames for the different endpoints aren't a problem.

L7 Applicator

Re: GlobalProtect, multiple user-selectable endpoints?

When configuring multiple gateways, they cannot be on the same IP address.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L3 Networker

Re: GlobalProtect, multiple user-selectable endpoints?

It is possible to have more than one gateway on a public IP, but you have to use different ports, loopback interfaces and NAT:

Can GlobalProtect Portal Page be Configured to be Accessed on any Port?

Do you expect the user to choose the right VPN for himself? I don't think they will even care to change the configuration just because they are in an untrusted network. Or do you have users who know that they shouldn't access the company network from untrusted networks?

You can only have one portal/gateway if you don't have a portal license.

I hope this helps.
