- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-22-2019 01:29 PM
Has anyone configured PFS on their Global Protect Portal?
Any snags? Is this even possible for the inbound connections to the portal?
05-23-2019 01:38 PM
We are not doing inbound inspection I guess I was wondering if it could be done just for the GP VPN portal or if it had to be on everything. which then makes me wonder what type of issues we may run into with inbound inspection
05-23-2019 02:16 PM
Ahh okay got it. Inbound inspection can be configured fairly specifically to only include one resource such as GP, but you would really want to test it to verify that you have everything working correctly before enabling it for all external traffic. The good news is you can test by including a simple external IP as the source, so testing is certaintly do-able.
Additional SSL Inbound Inspection documentation can be found HERE
06-04-2019 08:08 AM
So I gave this a shot, pretty straight forward but it does not look like it will work for something that terminates at the firewall itself (such as the GP VPN portal) the inbound decrypt rule never gets hit and the ssllabs scan still shows no PFS.
06-04-2019 04:07 PM
How exactly are you terminating the GP Portal interface on the firewall? Do you have it configured on a Loopback interface or an actual layer3 interface on the firewall?
07-27-2020 10:17 AM
Hi,
Did you solve this?
We launched ssllabs to a GP portal website and it shows this:
This server does not support Forward Secrecy with the reference browsers
Is there any way to support PFS for GP portal web?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!