GlobalProtect Skillets

Printer Friendly Page

Brief Description

A set of GlobalProtect API and set command configuration skillets based on the Quick Config Guides

 

Target Audience

This skillet is intended for Palo Alto Networks SEs, PSEs, Partners, and Customers that are using GlobalProtect and need a quick start configuration helper

 

Skillet Details

Documentation: https://github.com/PaloAltoNetworks/GPSkillets/blob/panos_v90/README.md

Github Location: https://github.com/PaloAltoNetworks/GPSkillets.git

Github Branches: panos_v90

PAN-OS Versions Supported: 9.x

Type of Skillet: panos, template (set commands)

Collections: globalprotect

 

Full Description

This skillet set is based on the GlobalProtect Quick Config guides and covers two common configuration options:

 

  1. Remote Access VPN
  2. Remote Access VPN with Pre-Logon

 

Remote Access VPN

Configures GlobalProtect elements including the gateway and portal. Also included is a reference LDAP auth profile and a local DB reference user.

 

Remote Access VPN with Pre-Logon

Adds pre-logon to the remote access VPN. Pre-logon is a connect method that establishes a VPN tunnel before a user logs in. The purpose of pre-logon is to authenticate the endpoint (not the user) and enable domain scripts or other tasks to run as soon as the endpoint powers on. Machine certificates enable the endpoint to establish a VPN tunnel to the GlobalProtect gateway. A common practice for IT administrators is to install the machine certificate while staging the endpoint for the user.

 

Deployment Note

These configs create security rules that do not contain any sort of security profile or logging configuration. Please utilize the best practice security profiles from the iron-skillet repository on the rules that get created and read the Best Practices documentation before deploying.

 

 

 

Tags (1)