10-23-2014 02:36 AM
Hello,
New customer here, currently working my way through configuring the various parts of the firewall...
At the moment, I'm working on User VPN, and I'm finding it difficult to find clear step-by-step documentation. I did manage to make an SSL VPN connection earlier today, but the only traffic I see on the firewall is DNS and a few LDAP connections to the domain controllers specified in my gateway rule.
The administrator guide obviously mentions VPN, but it seems to jump from place to place, and for someone with limited understanding of the various concepts it mentions (e.g. loopback interfaces, tunnel interfaces etc.) it's pretty full on.
Can anyone point to some step by step documentation for a newb?
Thanks
10-23-2014 03:08 AM
Hello AMacaronis,
You may follow the knowledge base articles mentioned below for better understanding and implementation:
GlobalProtect >>>>>> document for initial setup
How to Configure Global Protect Gateway On Loopback Interface with iPhone Access
Troubleshooting GlobalProtect, PAN-OS 4.1 >>>> Document for basic troubleshooting
Hope this helps.
Thanks
10-23-2014 03:44 AM
Hi AMacaronis,
GlobalProtect has lots of sub-features and components, and everyone can deploy it in a different way. Hence it's not possible to have just simple configuration steps.
All we have is the Tech Note, which covers details on every sub-feature and component.
Regards,
Hardik Shah
10-23-2014 06:07 AM
That's the link I followed for setting mine up. I'm currently testing some of the options and stuff, but it does a fairly good job of getting you up and running quickly. It's for an older version, so some of the options in various steps are on different tabs and stuff, but it's not too hard to find them.
10-23-2014 07:25 AM
And I never could get the certificates working the way that's suggested. I ended up just doing a basic self-signed cert and using it for GW and portal instead of trying to do a separate root and cert like the documentation suggests.
10-23-2014 07:30 AM
Hello travisj,
If something is not working as expected, it is always recommended to contact PAN support (if you have a valid support entitlement) and get it fixed.
Thanks
10-23-2014 07:38 AM
The document is very old; check the ones given before and be sure the details match.
Also, if the problem still occurs, give some details.
10-23-2014 02:29 PM
Hello Amacaronis
You can refer to the GlobalProtect Administrator's Guide apart from the links suggested above. It explains a lot of possible ways to configure GlobalProtect, like two-factor, client-cert authentication, RSA tokens, and more. It also has references to other documents in it. It is pretty big, but a lot of your doubts should be cleared up by this document:
GlobalProtect Administrator's Guide 6.0 (English)
Let us know if you have any specific questions.
Regards,
Dileep
10-23-2014 07:15 PM
Thanks for this...
How about something that explains Loopback and Tunnel interfaces?
10-23-2014 07:46 PM
Hello AMacaronis,
I hope the first DOC will give you the answer for your query: Can GlobalProtect Portal Page be Configured to be Accessed on any Port?
Thanks
10-23-2014 07:50 PM
I was actually more interested in the concept of the loopback interface in general, not specifically related to VPN.
Thanks though.
10-23-2014 11:15 PM
You can configure that interface for many reasons, especially VPN, captive portal redirect, routing purposes, etc.
Try searching for loopback to see its many uses.
10-24-2014 04:42 AM
Hi Amacaronis,
A loopback is a /32 subnet mask interface, which can be used to terminate IPsec VPN, GlobalProtect, etc.
You can put it in a different zone, which gives more flexibility in policy configuration.
Let us know a more specific question; that will help us answer your query.
Regards,
Hardik Shah