Hello everyone, trying to find a how-to or config guide on how to configure PA-200 that has 2 interfaces configured, eth1/1 and eth1/2 runnin PANOS v5.0.8, downloaded and activated 1.2.7 GP client on the PA-200.
eth1/1 is in untrust zone and setup with ip using dhcp from the ISP
eth1/2 is in trust zone and setup with 192.168.1.1/24
I would like to setup GP on this device with self signed certs for the ca-root and cert to use for gp. the eth1/1 interface (internet) is setup with DDNS, so the fqdn is resolveable to the dhcp assigned ip from outside.
I tried to follow the typical "how to setup gp" docs from the PA KB site, checked out some videos on pa support site, saw some other docs about gp and dual isp etc, but cant find a comprehensive doc that explains what I am trying to do. any help would be appreciated. thank you,
Just configure Global Protect Gateway, that would be easier, let me know if you need any help with that.
There is no issue with DHCP address on WAN interface - GP is supported with that ...
You can use self signed cert in Gateway/Portal, make sure you keep CN name as FQDN.
GP configuration is like wizard, if you miss any detail commit will fail with an error.
For me no issue with GP config based on Portal + gateway on L3 interface in DHCP client mode.
Please follow the "Quick start Guide Global Protect V2".
VinceM, I cannot find this Quick start Guide Global Protect V2 on PA Support site, I found one but its in japanese.
apasupulati, I read this document https://live.paloaltonetworks.com/docs/DOC-2904 and its got some good info, yet not complete info. I also read the https://live.paloaltonetworks.com/docs/DOC-2020 and its also good doc but most of its screenshots are for 4.x and the document is still missing complete instructions.
The issue I have is I have followed all these documents and to my knowledge configured everything the way it should be but yet when I try to access the external IP of my firewall I dont get the portal page and also port 443 on the external interface is not responding to any port checks.
I see documents that say you have to enable https mgmt profile to the external interface, i also see docs that talk about you need routing to be configured between tunnel.1 interface and trust, I also see docs about giving the tunnel.1 doc an ip address, also there are different docs about server cert or server cert with ca on PA box. so my problem is that there are documents all over the place with each document different info from the others, I am just trying to find out if there is a single doc or something that exists that walks you through from head to tail on configuring this GP on a small scale for user VPN access only. on top of all that, how to on split tunnel VPN would be a good help. thank you
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!