xauth use on global protect tunnels


L4 Transporter

How many are using xauth on the global protect tunnels, and why? We are using it because we have users using native clients on PCs and phones (don't want to pay for the mobile license for on).

Let me know what you think and the pros and cons of using xauth.

7 REPLIES 7

L4 Transporter

I am using it for my lab network so I can avoid the mobile client. Frankly (I cannot speak to the iOS version), the Android client seems like it is an afterthought and looks very dated. I also had some pretty noticeable battery drain while I was testing it, since it was set up to always be on and would auto connect/disconnect each time I would unlock/relock my phone. Xauth PSK works great and you can have it set up in conjunction with GP. That being said, we do not have employees using it from BYOD devices. For that we have another MDM solution with a per-app micro VPN tunnel.

@hshawn

Thanks for your input. Do you see any security issues when using xauth?

I think the standard security issues apply here... of course make sure to use a really good shared key and password for the user, use security policies to further scope down what the user(s) can do/have access to, monitor the VPN connections (these will show up in the GP gateway alongside the GP VPN connections), etc.

We use it on two GP Gateways to allow Linux stations to connect to the VPN. Along with LDAP user authentication.

And we use it to allow Grandstream 3200-series VoIP handsets to connect to the PBX via the VPN. These are Android-based phones, and it was a lot easier to connect to the GP Gateway than to get SIPS and other stuff enabled on the PBX.

Until there's a working, stable version of the GP Agent for Linux, we'll continue to use X-Auth for these.

@fjwcash

Have you tried the new version 4.1 GP client? It's supposed to support Linux.

Not yet. 4.1.0 had lots of issues. 4.1.1 was just released that's supposed to have fixed them, but haven't tested it yet.

Don't you need PanOS 8.x to use GP 4.1? We are just upgrading to 7.1.x with no plans to go to 8.0 this year.

@fjwcash,

You need to be running at least 7.1 for GP 4.1. 
