Is it possible to force a specific user to use SSL over IPSEC to setup a tunnel to Globalprotect

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Is it possible to force a specific user to use SSL over IPSEC to setup a tunnel to Globalprotect

L2 Linker

One user of our company has an issue connection to the GlobalProtect Gateway using IPSEC, but there is also no fallback to SSL.

His ISP carrier is using "Carrier Grade NAT" and this is likely the cause of his issue.

 

I know that we can force SSL connections on the Gateway, but this is a global setting and will be affecting all users, I just want this specific user to use SSL instead of IPSEC....( is there a client side setting allowing this ?)

4 REPLIES 4

L7 Applicator

Hmmmm.... yes and no... or no and yes...

We have a similar issue and the easy answer to you question is “NO”.

 

however... we are quite fortunate in having gateway subscription and plenty of ip’s to hand... so we have a portal config that uses gateways for ssl only..

 

probably not what you are after but there is no other option as ipsec is a global setting per gateway.

 

How  many gateways do you have.. you could just make a couple of them ssl only..... do you prefer ipsec to ssl? If not then remove ipsec altogether....

 

HTH.

 

Thanks for the clear answer.

 

We also have plenty of IP's left but we are not goign to waste these precious IP's for a solution for only 1 user at this moment 🙂

We will figure something out...( block IPSEC traffic on the client forcing to use SSL instead or so )

Hi

How can I block IPSEC traffic on the my windows 10 to force client to use SSL

Thanks 

L6 Presenter

Hi,

I think you do not need to do this on client

There is an option in global protect portal / agent/ rule (which you can write a rule for specific user) - apps tab  - Connect with SSL Only

Make this yes for only this user

 

Regards

  • 6932 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!