My company only allows company-issued laptops (Windows only) to remotely connect to our network via VPN. Since these are company devices, I feel they should always be restricted to company internet usage policies that only allow access to approved sites and categories. My users are all office-based but do need to remote in for those few work-at-home days (weather, kid issues, blah blah) or if they are on the road. Out of my 120 devices, only 15 of them even use VPN now, so a small group.
We are only 2 months into using PA and I have GlobalProtect configured and working for single tunnel access, AD authentication, with the GP Portal set to user log in (always on). Portal and gateway are on the same device and pointed to the external interface. We do not have HIP licensing or requirements (yet).
I have been playing with the Enforce GlobalProtect option. I discovered that if I turn that option on I cannot log in when I am in the office. I wasn't surprised by this result, and I am having issues finding any documentation on what the correct config is for this scenario and wanted to make sure I wasn't missing some easy setting or config change.
What it looks like I have to do is create a 2nd gateway attached to the internal interface if I want the Enforce option on. Is that correct or is there a setting or something I can make?
That might be needed but didn't fix the issue. I created an internal gateway, went into the portal config under internal, and added the internal info to that. When I try to connect the GP client from an internal network it seems to see the portal and then tries to get a configuration, but then throws a "Network connection is unreachable or portal is unresponsive" error.