VPN Access


L4 Transporter

How do you configure the GlobalProtect VPNs so they won't route on the internal network but will only let users access it from outside the internal network?

5 REPLIES

Cyber Elite

Hello,

Are you referring to preventing internal users from connecting to the external GP gateway so they cannot VPN while on the internal network?

Please advise,

Cyber Elite

@jdprovine,

Can you fill us in on how your setup looks currently so that we can actually give you the proper recommendation? Depending on how this was configured, there are quite a few ways to actually accomplish this.

It's set up with a gateway and a portal using a loopback interface, tunnel, AD-LDAP authentication, and we connect using the GlobalProtect client.

So your internal users are connecting to the public-facing IP of your gateway, correct? If that is the case, then you could just build a security policy to deny the internal zone to your public IP, for example:

set rulebase security rules "Deny Internal Users to GP" from trust source 10.191.0.0/16 to untrust destination 174.175.176.178 action deny log-start no log-end yes

Better yet, if you have it in its own zone, then simply deny the internal users from your GP zone. As long as you allow traffic from your GP zone to your trust zone, then you'll be good to go.
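
The zone-based variant described in the reply above, written out as an added example; it is not part of the original thread and not vendor-supplied configuration. It assumes a single-vsys firewall, a hypothetical zone gp-vpn containing hypothetical interfaces loopback.1 (portal/gateway) and tunnel.1, and reuses the thread's example addresses. Lines beginning with # are annotations, not CLI input.

```panos
# Assumed names (not from the thread): zone gp-vpn, interfaces loopback.1 and tunnel.1.
# Existing rules that let outside users reach the portal/gateway are assumed unchanged.
configure

# Put the portal/gateway loopback and the VPN tunnel in the dedicated zone.
set zone gp-vpn network layer3 [ loopback.1 tunnel.1 ]

# Block internal hosts from reaching anything in the GlobalProtect zone,
# including the portal/gateway address hosted on loopback.1.
set rulebase security rules "Deny Internal Users to GP" from trust to gp-vpn source 10.191.0.0/16 destination any application any service any action deny log-end yes

# Connected VPN clients (arriving on tunnel.1) can still reach internal resources.
set rulebase security rules "Allow GP to Trust" from gp-vpn to trust source any destination any application any service application-default action allow log-end yes

# Rules are evaluated top-down and the first match wins, so the deny
# has to sit above any broader rule that allows traffic out of trust.
move rulebase security rules "Deny Internal Users to GP" top
commit
exit

# Operational mode check: which rule does an internal host hit on TCP/443?
# 10.191.0.10 is a constructed sample host inside the thread's 10.191.0.0/16 range.
test security-policy-match from trust to gp-vpn source 10.191.0.10 destination 174.175.176.178 protocol 6 destination-port 443
```

The policy-match test should name "Deny Internal Users to GP"; if it returns a different rule, a broader allow is still ordered above the deny.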

Correct on your description, and I will check it out.
