Basic GlobalProtect Walkthrough

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Basic GlobalProtect Walkthrough

L1 Bithead

Hello,

New customer here, currently working my way though configuring the various parts of the firewall...

At the moment, I'm working on User VPN, and I'm finding it difficult to find clear step-by-step documentation. I did manage to make an SSL vpn connection earlier today, but the only traffic I see on the firewall is DNS and a few LDAP connections to the domain controllers specified in my gateway rule.

The administrator guide obviously mentions VPN, but it seems to jump from place to place, and for someone with limited understanding of the various concepts it mentions (e.g. loopback interfaces, tunnel interfaces etc.) its pretty full on.

Can anyone point to some step by step documentation for a newb?

Thanks

13 REPLIES 13

L7 Applicator

Hello AMacaronis,

You may follow below mentioned knowledge base article to better understanding and implementation:

GlobalProtect  >>>>>> document for initial setup

Global_Protect_PAN_OS5.pdf

How to Configure Global Protect Gateway On Loopback Interface with iPhone Access

Troubleshooting GlobalProtect, PAN-OS 4.1 >>>> Document for basic troubleshooting

Hope this helps.

Thanks

L6 Presenter

Hi Amacarnis,

Global Protect has lots of sub-feature and components, every one can deploy it in a different way. hence its not possible to have just simple configuration steps.

All we have is the Tech Note which covers details on every sub-feature and components.

Regards,

Hardik Shah

L2 Linker

http://digitalscepter.com/wp-content/uploads/2012/05/Palo-Alto-Networks-Global-Protect-A-DS-JumpStar...

that's the link I followed for setting mine up, I'm currently testing some of the options and stuff but it does a fairly good job of getting you up and running quickly.  It's for an older version so some of the options in various steps are on different tabs and stuff but it's not to hard to find them.

And I never could get the certificates working they way that's suggested, I ended up just doing a basic selfsigned cert and using it for GW and portal instead of trying to do a separate root and cert like the documentation suggests.

Hello travisj,

If something is not working as expected, it is always recommended to contact PAN support ( if you have a valid support entitelement) and get it fixed.

Thanks

document is very old check the ones given before and be sure details are matching.

also if problem is still occurs give some details....

Hello Amacaronis

You can refer to Global Protect Administrator's guide apart from the links suggested above. This explains lot of possible ways to configure GlobalProtect like two factor, client-cert authentication, RSA tokens, and more. It also has references to other documents in it. It is pretty big but lot of your doubts should be cleared in this document:

GlobalProtect Administrator's Guide 6.0 (English)

Let us know if you have any specific questions.

Regards,

Dileep

L1 Bithead

Thanks for this...

How about something that explains Loopback and Tunnel interfaces?

Hello AMacaronis,

I hope the first DOC will give you the answer for your query: Can GlobalProtect Portal Page be Configured to be Accessed on any Port?

Thanks

I was actually more interested in the concept of the loopback interface in general, not specifically related to VPN.

Thanks though.

you can configure that interface for many reasons.Especially vpn, captive portal redirect, route purpose etc...

try to search loopback and see many usage purposes.

Hi Amacaronis,

Loopback is /32 subnet mask interface, which can be used to terminate IPsec VPN, Global Protect, etc.

You can put it in different zone which gives more flexibility on policy configuration.

Let us know more specific question, that will help us to answer query.

Regards,

Hardik Shah

  • 6810 Views
  • 13 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!