Please let me know, whether PA supports agentless(GlobalProtect) remote access VPN? With SSL or IPSec.
If it supports, please let me know how to configure it.
Thank you in advance..
Thanks Hithead for your response.
But, its not my imagination; It was a client's requirement and also I said its not possible. They have insisted to getr an answer the same from PA. So, I have posted the question.
As Windows built in VPN client is not standards based IPSec then it does not work with Palo.
You need GlobalProtect agent for it (Cisco vpn client works also).
With IOS and Android you can use GlobalProtect app (you need gateway subscription in your firewall) or you can use built in vpn client and no additional license is required. Built in client is actually Ciscos client.
There are some products out there that support what is called "clientless vpn". In reality this is usually a sort of web-portal that allows the user proxied access to certain applications via browser plugins. GlobalProtect however is a full suite VPN solution that allows for additional security including HIP checks and pre-windows-logon full security VPN. It does support ipsec and SSL but does require a client.
hope this helps
There are products that are able to do remote vpn via web browser based clients only or using the built in clients of the OS. these are especially useful when you are trying to allow a VPN to a vendor or contractor where you do not have access to install software on the computer, or the user will not have the access to do so, or company policy does not allow adding software, or there are already VPN clients installed for use that conflict.
Palo Alto does not support this approach at this time. If you company wants an official answer, you will need to contact your sales engineer or open an officlal support ticket. Palo Alto does not discuss roadmap product features in public forums.
Not all clientless solutions out there does not mean it really works out of the box.
For example you might need to install active-x plugin. To install that you might need Admin permissions and it is not available in Edge browser. There are also Java solutions available but this means that they still need supporting software.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!