Is it possible to force a specific user to use SSL over IPSEC to setup a tunnel to Globalprotect

Reply
Highlighted
L2 Linker

Is it possible to force a specific user to use SSL over IPSEC to setup a tunnel to Globalprotect

One user of our company has an issue connection to the GlobalProtect Gateway using IPSEC, but there is also no fallback to SSL.

His ISP carrier is using "Carrier Grade NAT" and this is likely the cause of his issue.

 

I know that we can force SSL connections on the Gateway, but this is a global setting and will be affecting all users, I just want this specific user to use SSL instead of IPSEC....( is there a client side setting allowing this ?)

Tags (3)
L6 Presenter

Re: Is it possible to force a specific user to use SSL over IPSEC to setup a tunnel to Globalprotec

Hmmmm.... yes and no... or no and yes...

We have a similar issue and the easy answer to you question is “NO”.

 

however... we are quite fortunate in having gateway subscription and plenty of ip’s to hand... so we have a portal config that uses gateways for ssl only..

 

probably not what you are after but there is no other option as ipsec is a global setting per gateway.

 

How  many gateways do you have.. you could just make a couple of them ssl only..... do you prefer ipsec to ssl? If not then remove ipsec altogether....

 

HTH.

 

L2 Linker

Re: Is it possible to force a specific user to use SSL over IPSEC to setup a tunnel to Globalprotec

Thanks for the clear answer.

 

We also have plenty of IP's left but we are not goign to waste these precious IP's for a solution for only 1 user at this moment :-)

We will figure something out...( block IPSEC traffic on the client forcing to use SSL instead or so )

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!