Remote Client VPN Configuration Options

Reply
Highlighted
L0 Member

Remote Client VPN Configuration Options

Is it possible to configure remote vpn client access without a Global Protect Gateway license? It seems that remote client vpn configuration depends on HIP Objects/ Profiles, which in-turn requires Global Protect licensing. Is there a way to configure ip-sec for remote client access? The ip-sec/ ike configuration options seem relevant to site-to-site vpn, but not remote client access. Thanks in advance for any guidance and/ or configuration examples.

L6 Presenter

Re: Remote Client VPN Configuration Options

Hi,

What do you mean by"remote vpn client access" ?You mean vpn with Host Check ? or just ssl vpn ?

HIP license is just for Host check and you need Global Protect Portal and GW license.If you need just ssl vpn you do not need a license.

https://live.paloaltonetworks.com/docs/DOC-2020

L0 Member

Re: Remote Client VPN Configuration Options

The documentation seems to provide the answer I was looking for via the table regarding license requirements on page 3. It looks like a portal license and/ or a gateway subscription is required for HIP (host check) support. I am looking to provide vpn access to remote end users with laptops and iOS devices. Are you saying I can provide SSL VPN to these clients without host check (HIP) without additional licensing?

L6 Presenter

Re: Remote Client VPN Configuration Options

yes you can provide ssl vpn access without license.HIP is not mandatory.Also You can use Xauth for IOS devices.That also without license.But if you want to use appstore Global protect software you need GW license.

https://live.paloaltonetworks.com/docs/DOC-2016

L0 Member

Re: Remote Client VPN Configuration Options

Thank you for your help.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!