Has anyone configured PFS on their Global Protect Portal?
Any snags? Is this even possible for the inbound connections to the portal?
We are not doing inbound inspection I guess I was wondering if it could be done just for the GP VPN portal or if it had to be on everything. which then makes me wonder what type of issues we may run into with inbound inspection
Ahh okay got it. Inbound inspection can be configured fairly specifically to only include one resource such as GP, but you would really want to test it to verify that you have everything working correctly before enabling it for all external traffic. The good news is you can test by including a simple external IP as the source, so testing is certaintly do-able.
Additional SSL Inbound Inspection documentation can be found HERE
So I gave this a shot, pretty straight forward but it does not look like it will work for something that terminates at the firewall itself (such as the GP VPN portal) the inbound decrypt rule never gets hit and the ssllabs scan still shows no PFS.
Did you solve this?
We launched ssllabs to a GP portal website and it shows this:
This server does not support Forward Secrecy with the reference browsers
Is there any way to support PFS for GP portal web?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!